threat-detection

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

security authentication authorization api-testing hacktoberfest api-discovery owasp-top-10 devsecops security-testing api-security sensitive-data-exposure threat-detection idor devsecops-pipeline hacktoberfest2023 api-security-testing api-security-posture

UpdatedDec 17, 2025
Java

infosecB /awesome-detection-engineering

Star1.1k

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

awesome splunk cybersecurity awesome-list mitre threat-detection detection-engineering

UpdatedNov 18, 2025

thalesgroup-cert /Watcher

Star1.1k

Watcher - Open Source AI-powered Cyber Threat Intelligence & Hunting Platform. Developed with Django & React JS.

security django osint ai monitoring reactjs incident-response phishing cybersecurity certificate-transparency threat-hunting watcher misp thehive threat-intelligence certstream threat-detection huggingface cyber-ai ai-threat-intelligence

UpdatedDec 17, 2025
JavaScript

kunai-project /kunai

Star1k

Threat-hunting tool for Linux

linux threat-hunting ebpf threat-detection security-monitoring

UpdatedNov 20, 2025
Rust

Cyb3r-Monk /Threat-Hunting-and-Detection

Sponsor

Star798

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

dfir cybersecurity threat-hunting threat-detection kql detection-engineering kusto-language defender-for-endpoint microsoft-sentinel

UpdatedOct 4, 2025
Jupyter Notebook

cyb3rmik3 /KQL-threat-hunting-queries

Star750

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

microsoft security sentinel threat-hunting threat-detection securitycenter kusto kql threat-hunt microsoft-365 kusto-query-language microsoft-security microsoft-sentinel kusto-query microsoft-365-security microsoft-365-defender threat-detecting microsoft-xdr microsoftxdr

UpdatedAug 28, 2025

dev-lu /osint_toolkit

Star741

Open source platform for cyber security analysts with many features for threat intelligence and detection engineering.

cybersecurity threat-hunting threat-intelligence threat-detection

UpdatedAug 17, 2025
JavaScript

turbot /tailpipe

Star531

select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.

open-source aws devops log-analysis azure incident-response gcp forensics parquet siem mitre-attack threat-detection detections duckdb tailpipe

UpdatedDec 15, 2025
Go

utmstack /UTMStack

Star506

Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.

security security-audit log-analysis incident-response compliance threat-hunting siem hipaa soc threat-analysis security-automation security-tools threat-intelligence soar soc2 malware-detection log-parsing threat-detection cmmc security-operations-center

UpdatedDec 17, 2025
TypeScript

nianticlabs /venator

Star384

A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.

kubernetes golang threat-detection detection-engineering