awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةبدائل مفتوحة المصدربرمجيات ذاتية الاستضافةالمدونةخريطة الموقع
المشروعحولكيفية ترتيب النتائجالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

16 مستودعات

Awesome GitHub RepositoriesDetection Engines

Modular systems for identifying sensitive data using configurable patterns and validation logic.

Distinguishing note: Focuses on extensible detection logic for secrets rather than general-purpose regex engines.

Explore 16 awesome GitHub repositories matching security & cryptography · Detection Engines. Refine with filters or upvote what's useful.

Awesome Detection Engines GitHub Repositories

اعثر على أفضل المستودعات باستخدام الذكاء الاصطناعي.سنبحث عن أفضل المستودعات المطابقة باستخدام الذكاء الاصطناعي.
  • trufflesecurity/trufflehogالصورة الرمزية لـ trufflesecurity

    trufflesecurity/trufflehog

    24,630عرض على GitHub↗

    Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platfor

    Provides modular detection logic allowing users to define custom patterns and validation endpoints for identifying sensitive data.

    Gocredentialsdevsecopsdynamic-analysis
    عرض على GitHub↗24,630
  • chaitin/safelineالصورة الرمزية لـ chaitin

    chaitin/SafeLine

    21,527عرض على GitHub↗

    SafeLine is a containerized web application firewall and reverse proxy designed to secure web services by inspecting incoming HTTP traffic. It acts as a security gateway that sits in front of backend infrastructure to filter malicious requests and enforce access policies before they reach the application server. The platform distinguishes itself through advanced bot mitigation and content protection capabilities. It employs challenge-response mechanisms to verify human users and dynamically obfuscates HTML and JavaScript content to prevent unauthorized scraping and code tampering. These featu

    Analyzes incoming request patterns against known attack vectors to identify and block malicious payloads.

    Goapi-gatewayapplication-securityappsec
    عرض على GitHub↗21,527
  • crowdsecurity/crowdsecالصورة الرمزية لـ crowdsecurity

    crowdsecurity/crowdsec

    12,574عرض على GitHub↗

    CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl

    Uninstalls specific security detection patterns to stop monitoring for particular malicious activities.

    Goattacks-preventiondetectionids
    عرض على GitHub↗12,574
  • kubescape/kubescapeالصورة الرمزية لـ kubescape

    kubescape/kubescape

    11,489عرض على GitHub↗

    Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor. The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo

    Detects behavioral anomalies and active threats within a cluster using system probes and signature-based rules.

    Gobest-practicedevopskubernetes
    عرض على GitHub↗11,489
  • falcosecurity/falcoالصورة الرمزية لـ falcosecurity

    falcosecurity/falco

    8,670عرض على GitHub↗

    Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments

    Functions as a cloud-native detection engine that evaluates system activity against a library of rules to identify threats.

    C++cloud-nativecncfcncf-project
    عرض على GitHub↗8,670
  • cncf/curriculumالصورة الرمزية لـ cncf

    cncf/curriculum

    6,578عرض على GitHub↗

    The CNCF Curriculum is an open-source repository that organizes exam domains and learning paths for CNCF certification courses covering Kubernetes and cloud-native technologies. It structures certification content into weighted domains that reflect exam question distribution, providing a structured study guide for candidates preparing for CNCF certifications. The curriculum is organized around multiple cloud-native domains including networking, security, GitOps, platform engineering, and certification preparation. It teaches cloud-native concepts through the lens of building and operating int

    Teaches collecting and analyzing runtime data to detect and respond to security incidents in containers.

    cncf
    عرض على GitHub↗6,578
  • aws/containers-roadmapالصورة الرمزية لـ aws

    aws/containers-roadmap

    5,351عرض على GitHub↗

    This project provides strategic roadmaps and guides detailing the evolution and deployment patterns of managed container orchestration and security services. It serves as a public tracking document for upcoming features and development priorities for EKS, ECS, ECR, and Fargate. The resource includes a cloud container orchestration guide and a Kubernetes and ECS strategy, outlining the development of managed Kubernetes and proprietary orchestration services for cloud infrastructure. It also provides a security and monitoring plan focused on scanning malicious activity and tracking workload hea

    Provides planning for runtime threat detection systems that evaluate real-time container activity against security rules.

    Shellawscontainersecr
    عرض على GitHub↗5,351
  • cellularprivacy/android-imsi-catcher-detectorالصورة الرمزية لـ CellularPrivacy

    CellularPrivacy/Android-IMSI-Catcher-Detector

    5,335عرض على GitHub↗

    هذا المشروع عبارة عن أداة لتدقيق أمن شبكات الهاتف المحمول وكاشف لمحطات IMSI الوهمية، مصمم لتحديد أبراج الاتصالات المزيفة وأجهزة المراقبة التي تحاول اعتراض حركة مرور الهاتف المحمول. يعمل المشروع كمحلل لواجهة الراديو وأداة لرسم خرائط أبراج الاتصالات، حيث يراقب الاتصالات لاكتشاف البنية التحتية غير المصرح بها للشبكة. يتميز النظام بدمج مراقبة مستوى التهديد في الوقت الفعلي مع القدرة على تحديد الرسائل القصيرة الصامتة والاتصالات الخفية المستخدمة لتتبع الأجهزة. كما يحلل حالة التشفير لاكتشاف عمليات خفض مستوى الشبكة القسرية إلى معايير تشفير أضعف، ويتحقق من هويات أبراج الاتصالات من خلال مطابقة بيانات الأبراج مع قواعد البيانات العامة. تغطي الأداة قدرات واسعة في تدقيق شبكات الهاتف المحمول، بما في ذلك تتبع شذوذ الإشارة، واستخراج بيانات أجهزة الراديو، ومنع الهجمات عن بُعد عبر بطاقة SIM أو تثبيت التطبيقات غير المصرح به. كما يوفر المشروع تصوراً لاتصال الأبراج وآلية للمستخدمين لتحديد سلاسل كشف مخصصة لمراقبة الرسائل المشبوهة. يتم تحقيق التفاعل مع الأجهزة منخفضة المستوى عن طريق تنفيذ أوامر AT عبر طرفية بصلاحيات الجذر (root) لاسترجاع بيانات القياس عن بُعد للشبكة.

    Displays real-time threat levels based on base station behavior and encryption strength to alert users.

    Java
    عرض على GitHub↗5,335
  • deepfence/threatmapperالصورة الرمزية لـ deepfence

    deepfence/ThreatMapper

    5,282عرض على GitHub↗

    ThreatMapper هي منصة حماية تطبيقات سحابية أصلية وماسح ضوئي لأمان البنية التحتية. تعمل كنظام لإدارة الثغرات وجامع بيانات تتبع البنية التحتية السحابية مصمم لمراقبة أعباء العمل واكتشاف مخاطر الأمان عبر بيئات السحابة والحاويات. تتميز المنصة بمصور حركة مرور الشبكة الذي يستخدم التعلم الآلي لتصنيف أنماط الاتصال ونظام رسم خرائط الهجوم القائم على الرسم البياني لتحديد المسارات عالية المخاطر بين الثغرات وتبعيات الشبكة. تغطي قدراتها الأوسع تدقيق امتثال البنية التحتية السحابية مقابل معايير الأمان، واكتشاف تهديدات الإنتاج للبرمجيات الضارة والأسرار المكشوفة، وجمع حزم الشبكة وبيانات تتبع أعباء العمل عبر مستشعرات موزعة. تتم إدارة نشر مكونات المسح عبر بيئات السحابة، والعناقيد، والأجهزة الافتراضية من خلال أدوات الحاويات والبنية التحتية ككود.

    Identifies security threats in real-time across cloud, serverless, and container platforms.

    TypeScriptcloud-nativecloudsecuritycnapp
    عرض على GitHub↗5,282
  • aquasecurity/traceeالصورة الرمزية لـ aquasecurity

    aquasecurity/tracee

    4,377عرض على GitHub↗

    Tracee is a cloud-native runtime security and forensics tool that uses eBPF to capture system calls and kernel events in real time. It operates as a standalone binary or a Helm-deployable agent for Kubernetes, normalizing system calls, network events, and container activities into a unified event pipeline for consistent analysis. The tool distinguishes itself through policy-driven event filtering using YAML-based rules, allowing users to target specific workloads and reduce noise during monitoring. It includes built-in threat detection signatures that flag suspicious behavioral patterns witho

    Applies behavioral patterns and pre-defined signatures to identify suspicious activity across distributed workloads.

    Gobpfdockerebpf
    عرض على GitHub↗4,377
  • hotcakex/harden-windows-securityالصورة الرمزية لـ HotCakeX

    HotCakeX/Harden-Windows-Security

    4,139عرض على GitHub↗

    Harden-Windows-Security is a security hardening tool and framework designed to reduce the attack surface of the Windows operating system through policy enforcement. It provides a collection of security presets and templates to implement official hardening standards across multiple devices. The project distinguishes itself through a comprehensive execution control system, featuring a manager for Windows Application Control and a kernel protection suite. It implements strict trust models, including kernel-mode driver whitelisting, signed policy implementation on the EFI partition, and code inte

    The product uses cloud-based AI and machine learning to identify and block new malware rapidly.

    C#1st-party-securityapplicationcontrolaudit
    عرض على GitHub↗4,139
  • neo23x0/lokiالصورة الرمزية لـ Neo23x0

    Neo23x0/Loki

    3,763عرض على GitHub↗

    Loki is an endpoint detection tool, forensic artifact analyzer, and threat intelligence scanner. It functions as a YARA-based indicator of compromise scanner designed to identify malicious persistence mechanisms, web shells, and unauthorized administration tools across local and remote systems. The project distinguishes itself by integrating multi-source threat intelligence, allowing for the loading of custom signature sets and encrypted indicators. It combines hash-based artifact detection with YARA rule execution to scan files, process memory, and registry hives for known malicious byte seq

    Functions as a scanner for identifying malicious persistence mechanisms and unauthorized tools across remote systems.

    Python
    عرض على GitHub↗3,763
  • velocidex/velociraptorالصورة الرمزية لـ Velocidex

    Velocidex/velociraptor

    3,769عرض على GitHub↗

    Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o

    Analyzes real-time system activity, configuration, and process memory to detect runtime behavioral threats.

    Godigital-forensicsendpoint-discoveryendpoint-protection
    عرض على GitHub↗3,769
  • jpcertcc/logontracerالصورة الرمزية لـ JPCERTCC

    JPCERTCC/LogonTracer

    3,136عرض على GitHub↗

    LogonTracer is a security auditing tool designed for logon analysis and forensic log auditing. It functions as a dockerized security auditor that utilizes a security event graph database to map account names and network addresses, allowing for the visualization of complex system compromise patterns and authentication paths. The system features a Sigma detection engine that scans imported event logs against standardized rule sets to identify known malicious activity. It also includes an anomalous behavior detector that applies statistical analysis, graph algorithms, and hidden Markov models to

    Provides an AI-powered engine that assesses risk against known attack tactics to generate automated detection rules.

    Pythonactive-directoryblueteamdfir
    عرض على GitHub↗3,136
  • comodosecurity/openedrالصورة الرمزية لـ ComodoSecurity

    ComodoSecurity/openedr

    2,603عرض على GitHub↗

    OpenEDR is an endpoint detection and response platform designed to collect telemetry and monitor system activity to identify security breaches. It functions as a host-based intrusion detection system and telemetry collector, gathering detailed data on process, network, and file activity. The system includes a dockerized security stack that bundles search, logging, and visualization tools into containers for analyzing endpoint telemetry. It features a security event visualizer that maps process lineage and indexes logs to facilitate root-cause analysis of attacks. The platform provides capabi

    Provides a comprehensive endpoint detection and response platform for monitoring system activity and detecting security breaches.

    C++
    عرض على GitHub↗2,603
  • elastic/detection-rulesالصورة الرمزية لـ elastic

    elastic/detection-rules

    2,508عرض على GitHub↗

    This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments. The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-base

    Identifies malicious activity by correlating system events and monitoring runtime behavioral patterns.

    Pythonthreat-detectionthreat-hunting
    عرض على GitHub↗2,508
  1. Home
  2. Security & Cryptography
  3. Detection Engines

استكشف الوسوم الفرعية

  • Cloud NativeDetection engines that apply behavioral patterns and pre-defined signatures to identify suspicious activity across distributed workloads. **Distinct from Detection Engines:** Distinct from Detection Engines: focuses on cloud-native and distributed workload detection, not general pattern matching.
  • Detection Scenario RemoversTools for uninstalling specific security detection patterns from the engine. **Distinct from Detection Engines:** Distinct from Detection Engines: focuses on the removal of specific scenarios rather than the engine functionality itself.
  • Runtime Threat Detection4 وسوم فرعيةEngines that evaluate real-time system activity against security rules to detect threats. **Distinct from Detection Engines:** Detects runtime behavioral threats across hosts and containers, whereas the candidate focuses on sensitive data/secret detection.