Lastly, I'm looking to expand the ruleset sources. If you would like me to include one, please submit an issue.
Rulehound is nowhere near done. There are a few known bugs and most likely some issues that I wasn't able to identify during testing. Please submit any bugs you find in the Rulehound GitHub repo.
Why reinvent the wheel when there's already a blueprint? It's a challenge to search across all the various rulesets for a particular use case. Rulehound aims to solve this problem.
Why Rulehound? Pretty simple: as Detection Engineers, we oftentimes turn to the amazing free, open-source and publicly available rulesets for inspiration when developing new content.
Today I'd like to share a tool I recently wrote called Rulehound. It's a detection ruleset catalogue and search engine containing over 7,500 rules from 5 distinct sources. More details in thread.
rulehound.com
I recently stumbled upon roadmap.sh - it's a great resource for self-learners that appreciate some structure.
For anyone who might find it useful, I threw together a basic "Threat Detection Engineer" roadmap:
roadmap.sh/r/threat-det...
In the latest addition to awesome-detection-engineering, the team at Google outlines 5 important principles for driving a highly effective threat detection program. Check it out here:
cloud.google.com/transform/ho...
Check out the latest addition to awesome-detection-engineering: AttackRuleMap
AttackRuleMap is a clean and easy to use table of MITRE ATT&CK techniques and any associated Sigma or Splunk rules. Thanks krdmnbrk for the add!
attackrulemap.com
Tickets for #SkiCon are now on sale! There's a very limited amount, so get yours while you can!
skicon.tickit.ca/events/27355
I'm excited to share that we're hiring for a Detection Engineer at Klaviyo.
Come work with me and a team of highly talented Detection & Response Engineers as we build an innovative and highly effective threat detection program.
www.klaviyo.com/careers/jobs...
Me and every parent I know right now
Ultralytics, a Python package with close to 6.4 million downloads per month, was backdoored to run a cryptominer. Running theory from the reported GitHub issue is a GitHub Action injection attack, but there's also evidence that the malicious code was published directly via PyPI and skipped CI/CD
don't ever settle somewhere where you don't have this
getting to work with people much smarter than you is such an underrated benefit
0xv1n and I added a new way to interface with the LOOBins project! Binaries are now available in a STIX bundle as Tool objects. Threat intel teams can import the bundle into many popular TIPs to help track each binary's relationship to campaigns, threat actors, etc.
www.loobins.io/loobins_stix...
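For anyone who wants to work with a STIX bundle like the one above without a full TIP, here is an added example (not LOOBins project code) that loads a bundle, checks that object ids match their types, lists the Tool objects, and follows "uses" relationships from an intrusion-set to the tools it is linked to. The bundle embedded below is constructed for the example and is not the real LOOBins bundle; the tool names, actor name and ids are made up, and only the standard library is used.

```python
import json

# Constructed sample bundle in STIX 2.1 shape. It is NOT the LOOBins bundle;
# the names and ids below are made up to exercise the functions that follow.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--0b1c6a5e-3f2d-4a1b-9c8d-7e6f5a4b3c2d",
    "objects": [
        {"type": "tool", "spec_version": "2.1",
         "id": "tool--1d2e3f4a-5b6c-4d7e-8f9a-0b1c2d3e4f5a",
         "created": "2024-01-01T00:00:00.000Z",
         "modified": "2024-01-01T00:00:00.000Z",
         "name": "curl",
         "description": "Transfers data to or from a remote server"},
        {"type": "tool", "spec_version": "2.1",
         "id": "tool--2e3f4a5b-6c7d-4e8f-9a0b-1c2d3e4f5a6b",
         "created": "2024-01-01T00:00:00.000Z",
         "modified": "2024-01-01T00:00:00.000Z",
         "name": "osascript",
         "description": "Runs AppleScript and JavaScript for Automation"},
        {"type": "intrusion-set", "spec_version": "2.1",
         "id": "intrusion-set--3f4a5b6c-7d8e-4f9a-8b0c-2d3e4f5a6b7c",
         "created": "2024-01-01T00:00:00.000Z",
         "modified": "2024-01-01T00:00:00.000Z",
         "name": "EXAMPLE-ACTOR"},
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--4a5b6c7d-8e9f-4a0b-9c1d-3e4f5a6b7c8d",
         "created": "2024-01-01T00:00:00.000Z",
         "modified": "2024-01-01T00:00:00.000Z",
         "relationship_type": "uses",
         "source_ref": "intrusion-set--3f4a5b6c-7d8e-4f9a-8b0c-2d3e4f5a6b7c",
         "target_ref": "tool--2e3f4a5b-6c7d-4e8f-9a0b-1c2d3e4f5a6b"},
    ],
})


def load_bundle(text):
    """Parse bundle JSON and apply the sanity checks an importer should do."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle" or not isinstance(bundle.get("objects"), list):
        raise ValueError("not a STIX bundle")
    for obj in bundle["objects"]:
        # Every STIX object id is "<type>--<uuid>"; reject ids whose prefix
        # disagrees with the object's declared type.
        if not obj.get("id", "").startswith(obj.get("type", "?") + "--"):
            raise ValueError("id/type mismatch in %s" % obj.get("id"))
    return bundle


def tools(bundle):
    """Return {id: object} for every Tool object in the bundle."""
    return {o["id"]: o for o in bundle["objects"] if o["type"] == "tool"}


def tool_names(bundle):
    """Sorted list of Tool names, handy for a quick inventory diff."""
    return sorted(o["name"] for o in tools(bundle).values())


def tools_used_by(bundle, actor_name):
    """Follow 'uses' relationships from a named intrusion-set to Tool names."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    actors = {o["id"] for o in bundle["objects"]
              if o["type"] == "intrusion-set" and o.get("name") == actor_name}
    names = set()
    for o in bundle["objects"]:
        if (o["type"] == "relationship"
                and o.get("relationship_type") == "uses"
                and o.get("source_ref") in actors):
            target = by_id.get(o.get("target_ref"))
            if target and target["type"] == "tool":
                names.add(target["name"])
    return sorted(names)


if __name__ == "__main__":
    b = load_bundle(SAMPLE_BUNDLE)
    print("tools:", tool_names(b))
    print("EXAMPLE-ACTOR uses:", tools_used_by(b, "EXAMPLE-ACTOR"))
```

To run it against the real bundle, replace SAMPLE_BUNDLE with the file contents downloaded from the LOOBins link above; the relationship objects will only be present if your own TIP or a later bundle revision adds them, so an empty result from tools_used_by means no "uses" edges, not a parse failure.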
Great starter pack for detection engineers or any defensive-focused cybersecurity folks.
The cold and dark weather + waning sunlight seems to always bring new energy to the open source and content creation community. New LOOBins fun + detection-as-code stuff coming soon!