splunk
This project automates the creation of a complete security lab environment for detection engineering and attack simulation. With a single command, it deploys three virtual machines: a fully configured Splunk server, a Windows Server Active Directory Domain Controller with advanced logging, and a Splunk SOAR server for automated response capabilities.
Turn ideas into detections your SIEM understands. Generate Sigma, KQL, and SPL rules with tests and playbooks in seconds.
DetectPack Forge turns plain-English behaviors or sample logs into production-ready detection packs — Sigma, KQL (Sentinel), SPL (Splunk) — plus tests and a response playbook, mapped to MITRE ATT&CK, fully powered by Gen AI.
Mapping of open-source detection rules and atomic tests.
The goal of this project is to bridge the gap between Atomic Red Team's adversary simulations and open-source detection rules. By doing so, this project aims to help security professionals simulate attacks and evaluate their detection strategies more effectively. 🔒
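The join described above (open-source detection rules on one side, Atomic Red Team tests on the other) is a lookup keyed on the ATT&CK technique ID both formats carry: Sigma rules tag techniques as `attack.t1059.001`, atomics declare `attack_technique: T1059.001`. The script below is an added example, not code from the mapping project; the rules and atomics are constructed inline in the dict shape a YAML loader would produce, and the two gap lists it reports (techniques you can simulate but not detect, and techniques you detect but cannot exercise) are the output a practitioner would act on.

```python
"""Map Sigma rules to Atomic Red Team tests via shared ATT&CK technique IDs.

Added example, not the mapping project's own code. The sample rules and
atomics below are constructed; only their field layout follows the public
Sigma and Atomic Red Team YAML formats.
"""
import re
from collections import defaultdict

# Sigma technique tags look like "attack.t1059.001"; normalize to "T1059.001".
TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)

# Constructed sample Sigma rules (dict form of the rule YAML).
SIGMA_RULES = [
    {"title": "Encoded PowerShell Command Line",
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Scheduled Task Created via schtasks",
     "tags": ["attack.persistence", "attack.t1053.005"]},
    {"title": "Tactic-Only Rule",
     "tags": ["attack.defense_evasion"]},
]

# Constructed sample atomics (dict form of the Atomic Red Team YAML).
ATOMICS = [
    {"attack_technique": "T1059.001",
     "atomic_tests": [{"name": "Run an encoded PowerShell command"},
                      {"name": "Download and invoke a remote script"}]},
    {"attack_technique": "T1003.001",
     "atomic_tests": [{"name": "Dump LSASS memory"}]},
]


def techniques_for_rule(rule):
    """Return the set of ATT&CK technique IDs a Sigma rule is tagged with.

    Tactic-only tags such as 'attack.execution' are ignored.
    """
    found = set()
    for tag in rule.get("tags", []):
        m = TECHNIQUE_TAG.match(tag)
        if m:
            found.add(m.group(1).upper())
    return found


def build_mapping(rules, atomics):
    """Join rules and atomic tests on technique ID.

    Returns {technique: {"rules": [rule titles], "tests": [test names]}}.
    """
    mapping = defaultdict(lambda: {"rules": [], "tests": []})
    for rule in rules:
        for tid in sorted(techniques_for_rule(rule)):
            mapping[tid]["rules"].append(rule["title"])
    for atomic in atomics:
        tid = atomic["attack_technique"].upper()
        mapping[tid]["tests"].extend(t["name"] for t in atomic["atomic_tests"])
    return dict(mapping)


def coverage_gaps(mapping):
    """Techniques with a rule but no test, and techniques with a test but no rule."""
    untested = sorted(t for t, v in mapping.items() if v["rules"] and not v["tests"])
    undetected = sorted(t for t, v in mapping.items() if v["tests"] and not v["rules"])
    return {"rules_without_tests": untested, "tests_without_rules": undetected}


if __name__ == "__main__":
    m = build_mapping(SIGMA_RULES, ATOMICS)
    for tid, entry in sorted(m.items()):
        print(tid, entry)
    print(coverage_gaps(m))
```

Matching is exact on the technique ID, so a rule tagged only with the parent `attack.t1059` will not be credited against a `T1059.001` atomic; whether a parent-level rule counts as coverage for its sub-techniques is a policy decision to make explicitly rather than by accident.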
Open source alternative to Tines / Palo Alto XSOAR. Automate security alerts, your way.
Tracecat is an open source Tines / Splunk SOAR alternative. Build AI-assisted workflows, orchestrate alerts, and close cases fast.
SOAR (Security Orchestration, Automation and Response) refers to technologies that enable organizations to automatically collect and respond to alerts across different tooling. Though Tracecat is built for security, its workflow automation and case management system can be applied to other alerting environments (e.g. site reliability engineering, DevOps, and physical systems monitoring).
A lightweight, ultra-fast tool for building observability pipelines.