threat-detection
SIEM Detection Format. The shareable detection format for security professionals.
Sigma is a generic, open, and structured detection format that allows security teams to detect relevant log events in a simple and shareable way.
Detection engineers, threat hunters and all defensive security practitioners collaborate on detection rules. The repository offers more than 3000 detection rules of different types and aims to make reliable detections accessible to all at no cost.
Userland API monitor for threat hunting.
Captain is an endpoint monitoring tool that aims at spotting malicious events through API hooking, improving the process of threat hunting analysis. When a new process is created, Captain will inject a DLL into it, hooking some Windows API functions.
Center for Threat-Informed Defense. Advancing the state of the art and the state of the practice in threat-informed defense globally.
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Detect security threats in real time
Falco is a cloud-native security tool designed for Linux systems. It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts. Falco helps you gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security.
Related content:
Canary tokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves). How tokens work (in 3 short steps):
- Visit the site and get a free token (which could look like a URL or a hostname, depending on your selection).
- If an attacker ever uses the token somehow, we will give you an out-of-band (email or SMS) notification that it's been visited.
- As an added bonus, we give you a bunch of hints and tools that increase the likelihood of an attacker tripping on a canary token.