REx: Rule Explorer and DETR

REx: Rule Explorer is a collection and breakdown of several of the most popular open security detection rules for analysis and exploration, enabled by the powerful search and visualization capabilities of the Elastic stack! The Detection Engineering Threat Report (DETR) is the visual component of the REx project, where the data speaks for itself, with minimal interpretive narration.

LoFP

Living Off the False Positive: Living off the False Positive is an autogenerated collection of false positives sourced from some of the most popular rule sets.

LOLOL

Living Off the Living off the Land: A consolidated collection of great resources to thrive off the land

Detections-as-code (DAC) reference guide

Detection as Code (DaC) is a modern security approach that applies software development best practices to the creation, management, and deployment of security rules. This guide is for security analysts, engineers, and architects who develop, deploy, and manage detection rules, especially within Elastic Security environments.

Detection rules

Official SIEM rules in ES|QL, EQL, and KQL, running in the Elastic stack detection engine

Endpoint rules

Official EDR rules in EQL based on malicious behavior prevention, running on the Elastic endpoint agent

Other projects

Other projects: Various other projects