Defensive-Rules

This repository is a curated collection of detection rules authored by Matthew Iverson, organized first by rule type (Sigma or Splunk), and then by data source (Windows, Syslog, Zeek). The goal is to provide defenders with a centralized, modular resource for quickly identifying and deploying high-fidelity detections across multiple log types and platforms. While these rules are currently untested, they are based on real-world use cases, mapped to MITRE ATT&CK, and written with clarity and customization in mind.

Sigma

- windows
- syslog
- zeek

Splunk

- windows
- syslog
- zeek

NONE OF THESE ARE TESTED YET

Splunk

Change index to match your index

Name		Name	Last commit message	Last commit date
Latest commit History 107 Commits
Assets/Images		Assets/Images
Sigma		Sigma
Splunk		Splunk
LICENSE		LICENSE
README.md		README.md
template.md		template.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Defensive-Rules

Sigma

Splunk

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

License

Infinit3i/Defensive-Rules

Folders and files

Latest commit

History

Repository files navigation

Defensive-Rules

Sigma

Splunk

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Packages