Projects
LoFP
Living Off the False Positive: an autogenerated collection of false positives sourced from some of the most popular detection rule sets.
LOLOL
Living Off the Living Off the Land: a consolidated collection of resources on living-off-the-land techniques.
Detection as Code (DaC) reference guide
Detection as Code (DaC) applies software development practices (version control, code review, automated testing, and CI/CD deployment) to the creation, management, and deployment of detection rules. This guide is for security analysts, engineers, and architects who develop, deploy, and manage detection rules, especially within Elastic Security environments.
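To make the practice concrete, the block below is an added example, not code from the guide or from Elastic's detection-rules tooling: a minimal pre-merge validation step of the kind a DaC CI job runs on every rule change. The rule layout, field names (`rule_id`, `severity`, `risk_score`, `query`, `version`), and both sample rules are constructed for the example and are a simplified stand-in for a real rule file schema.

```python
# Added example (not from the page or from Elastic's detection-rules repository):
# a minimal detection-as-code validation step of the kind a CI job runs before a
# rule is merged. The rule layout below is a constructed, simplified stand-in for
# a real rule file; the field names are assumptions for the example.
import uuid

ALLOWED_SEVERITIES = {"low", "medium", "high", "critical"}
REQUIRED_FIELDS = ("rule_id", "name", "severity", "risk_score", "query", "version")
# Fields whose change alters what the rule detects and therefore must bump `version`.
DETECTION_FIELDS = ("query", "severity", "risk_score")

# Constructed sample rule (well-formed).
GOOD_RULE = {
    "rule_id": "5c8a2d1e-3b6f-4a7c-9d0e-1f2a3b4c5d6e",
    "name": "Example: cmd.exe spawned by Office application",
    "severity": "medium",
    "risk_score": 47,
    "version": 1,
    "query": 'process where event.type == "start" and process.name == "cmd.exe" '
             'and process.parent.name in ("winword.exe", "excel.exe")',
}

# Constructed sample rule with several defects (bad id, severity, score, query).
BAD_RULE = {
    "rule_id": "not-a-uuid",
    "name": "Broken rule",
    "severity": "urgent",
    "risk_score": 150,
    "version": 1,
    "query": "   ",
}


def validate_rule(rule: dict) -> list[str]:
    """Return human-readable findings; an empty list means the rule passes."""
    findings = []
    for key in REQUIRED_FIELDS:
        if key not in rule:
            findings.append(f"missing required field: {key}")
    if findings:
        return findings  # don't pile type errors on top of missing fields
    try:
        uuid.UUID(str(rule["rule_id"]))
    except ValueError:
        findings.append("rule_id is not a valid UUID")
    if rule["severity"] not in ALLOWED_SEVERITIES:
        findings.append(f"severity must be one of {sorted(ALLOWED_SEVERITIES)}")
    score = rule["risk_score"]
    if not isinstance(score, int) or not 0 <= score <= 100:
        findings.append("risk_score must be an integer from 0 to 100")
    if not isinstance(rule["query"], str) or not rule["query"].strip():
        findings.append("query must be a non-empty string")
    if not isinstance(rule["version"], int) or rule["version"] < 1:
        findings.append("version must be a positive integer")
    return findings


def check_version_bump(old: dict, new: dict) -> list[str]:
    """Require `version` to increase whenever a detection-affecting field changes."""
    changed = [k for k in DETECTION_FIELDS if old.get(k) != new.get(k)]
    if changed and new.get("version", 0) <= old.get("version", 0):
        return [f"{', '.join(changed)} changed but version was not bumped"]
    return []


if __name__ == "__main__":
    for r in (GOOD_RULE, BAD_RULE):
        print(r["name"], "->", validate_rule(r) or ["ok"])
    # Simulate a pull request that tightens the query but forgets the version bump.
    edited = dict(GOOD_RULE, query=GOOD_RULE["query"] + ' and not user.name == "SYSTEM"')
    print(check_version_bump(GOOD_RULE, edited))
```

Both checks are the kind that belong in the test stage of a DaC pipeline: schema validation catches malformed rules before they reach the SIEM, and the version-bump check keeps rule revisions auditable, so a changed query is never shipped under an unchanged version number.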
Detection rules
Official SIEM detection rules written in ES|QL, EQL, and KQL, run by the detection engine in the Elastic Stack
Endpoint rules
Official EDR rules written in EQL for malicious behavior prevention, running on the Elastic endpoint agent
Other projects
Other projects: miscellaneous projects that do not fit the categories above