This repository contains detection engineering work and lab artifacts, organized by detection language and platform.
- `sigma/` — Sigma rules (planned)
- `yara/` — YARA rules and static malware analysis write-ups
- `snort/` — Snort intrusion detection rules (planned)
- `kql/` — Microsoft Sentinel KQL (planned)
- `splunk/` — Splunk SPL (planned)
- Write-ups (`.md`) live inside each detection folder (e.g., `yara/docs/`, `sigma/docs/`) to keep documentation scoped to that detection type.
- Malware samples are analyzed using static techniques unless explicitly stated otherwise.
- Rules target high-signal, behavior-based indicators over brittle IOCs where possible.
