Skip to content

reversinglabs/reversinglabs-siem-rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits

Malware

Malware

 
 

Ransomware

Ransomware

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

reversinglabs-siem-rules

This repository contains SIEM rules to aid in detecting the tactics, techniques, and procedures (TTPs) used by various threat actors.

Want to stay in the loop? Subscribe to be notified for new Microsoft Sentinel content from ReversingLabs: https://www.reversinglabs.com/threat-intel-weekly-newsletter-sign-up

Categories

Ransomware

Malware

Contents

Each group will have the following subdirectories containing detection rules and other useful resources:

Sigma

This folder contains Sigma rules that can be used to detect threat actor TTPs.

KQL

This folder contains KQL queries that can be used to identify threat actor TTPs in Microsoft Sentinel and Microsoft Defender for Endpoint. Use these queries to hunt for threats, or create analytic rules to generate alerts and incidents.

YARA

This optional folder contains related YARA rules that can be used to identify malware.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

A collection of various SIEM rules relating to malware family groups.

Topics

infosec siem detection-engineering microsoft-sentinel

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

58 stars

Watchers

5 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages