Introduction
In the ever-evolving landscape of cybersecurity, staying ahead of threats requires a diverse toolkit and a wealth of knowledge. This article compiles a comprehensive list of resources, including tools, rules, and templates, designed to aid cybersecurity professionals in their quest for robust defense mechanisms. From detecting malicious activities to creating actionable threat intelligence reports, these resources are invaluable for both beginners and seasoned experts.
Living Off The Land Binaries, Scripts, and Libraries
- LOLBAS: A repository of Living Off The Land Binaries, Scripts, and Libraries that can be used by attackers to leverage legitimate system tools for malicious purposes. LOLBAS
Detection and Hunting Rules
- Sigma Rule: A generic signature format for SIEM systems, offering over 3000 detection rules to identify potential threats. SigmaHQ/sigma
- KQL Rule: KQL (Kusto Query Language) resources for hunting and detecting threats, including a collection of queries and the latest updates. KQL Search, KQL Security Sources – 2024 Update
Threat Intelligence and Reporting
- CTI Template: Templates and tools for creating high-quality, actionable Cyber Threat Intelligence (CTI) reports. center-for-threat-informed-defense/cti-blueprints
SIEM and Detection Tools
- QRadar Rule: Open-source rules for QRadar to detect various types of threats in the environment. Xboarder56/QRCE-Rules
- SIEM Resources: A curated list of resources for SIEM solutions, including tools, use cases, and tutorials. scspcommunity/Cyber-Sec-Resources
Incident Response and Playbooks
- Playbooks: Comprehensive guides and templates for incident response, including battle cards and playbooks for various scenarios. Incident Response Playbooks, awesome-incident-response, Incident-Playbook, gsvsoc_cirt-playbook-battle-cards, Incident-Response-Playbooks
Methodology and Use Cases
- SIEM Use Cases: Methodologies and use cases for SIEM systems to enhance detection and response capabilities. siemucsm
- SIEM Data Source: Comprehensive data sources for SIEM systems, aligned with the MITRE ATT&CK framework. MITRE ATT&CK Data Sources
Links:
Living Off The Land Binaries, Scripts and Libraries
https://lolbas-project.github.io/#
Sigma Rule
https://github.com/SigmaHQ/sigma
KQL Rule
https://www.kqlsearch.com/
https://kqlquery.com/posts/kql-sources-2024-update/
– Collection of KQL queries
– Hunting queries and detections
– Repository for threat hunting and detection queries, etc. for Defender for Endpoint
– KQL queries for Advanced Hunting
News and the latest queries
https://kustoinsights.substack.com/
CTI Template
https://github.com/center-for-threat-informed-defense/cti-blueprints
– Know: Threat Actor Report
– Find: Intrusion Analysis Report
– Change: Campaign Report
– Inform: Executive Report
Evaluate defensive capabilities against real-world threats
https://github.com/center-for-threat-informed-defense/adversary_emulation_library
QRadar Rule
https://github.com/Xboarder56/QRCE-Rules
Compiled list of resources, including tools, blog posts and how-to tutorials
https://github.com/scspcommunity/Cyber-Sec-Resources/
100 SOC tools, anomaly detection, Splunk use cases
https://github.com/manzar2525/SIEM/tree/main
Playbook
https://www.incidentresponse.org/playbooks/
https://github.com/meirwah/awesome-incident-response
https://github.com/austinsonger/Incident-Playbook
https://github.com/guardsight/gsvsoc_cirt-playbook-battle-cards
https://github.com/msraju/Incident-Response-Playbooks
https://github.com/dfir-dd/DFIR-wiki
https://github.com/luduslibrum/awesome-playbooks
https://github.com/ThreatHuntingProject/ThreatHunting
Methodology: SIEM Use Cases
https://github.com/siemucsm/siemucsm
SIEM Data Source
https://attack.mitre.org/datasources/