LOLOL

LoFP

Living Off the False Positive: Living off the False Positive is an autogenerated collection of false positives sourced from some of the most popular rule sets.

LOLOL

LOLOL

Living Off the Living off the Land: A consolidated collection of great resources to thrive off the land

DAC Reference

Detections-as-code (DAC) reference guide

Detection as Code (DaC) is a modern security approach that applies software development best practices to the creation, management, and deployment of security rules. This guide is for security analysts, engineers, and architects who develop, deploy, and manage detection rules, especially within Elastic Security environments.

detection rules

Detection rules

Official SIEM rules in ES|QL, EQL, and KQL, running in the Elastic stack detection engine

protections

Endpoint rules

Official EDR rules in EQL based on malicious behavior prevention, running on the Elastic endpoint agent

Other

Other projects

Other projects: Various other projects