Phonetic similarity and homophone detection library for Python — near-homophones, sound-alike collisions, and variant generation. Features three scoring algorithms (PPC-A, PLD, LCS), composite scoring, exact and near-homophone discovery, variant generation, compound word splitting, batch collision scanning, and an optional LLM-powered deep analysis.

REx: Rule Explorer is a collection and breakdown of several of the most popular open security detection rules for analysis and exploration, enabled by the powerful search and visualization capabilities of the Elastic stack! The Detection Engineering Threat Report (DETR) is the visual component of the REx project, where the data speaks for itself, with minimal interpretive narration.

An autogenerated collection of false positives sourced from some of the most popular rule sets.

A consolidated collection of great resources to thrive off the land.

Detection as Code (DaC) is a modern security approach that applies software development best practices to the creation, management, and deployment of security rules. This guide is for security analysts, engineers, and architects who develop, deploy, and manage detection rules, especially within Elastic Security environments.

Official SIEM rules running in the Elastic stack detection engine.

Official EDR rules based on malicious behavior prevention, running on the Elastic endpoint agent.

Various other projects and experiments.