awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

31 Repos

Awesome GitHub RepositoriesCustom Detection Rules

Frameworks for defining custom patterns and validation logic to identify specific types of sensitive data.

Distinguishing note: Focuses on user-defined detection rules rather than pre-built detection patterns.

Explore 31 awesome GitHub repositories matching security & cryptography · Custom Detection Rules. Refine with filters or upvote what's useful.

Awesome Custom Detection Rules GitHub Repositories

Finde die besten Repos mit KI.Wir suchen mit KI nach den am besten passenden Repositories.
  • dxa4481/trufflehogAvatar von dxa4481

    dxa4481/truffleHog

    26,790Auf GitHub ansehen↗

    TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets. The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t

    Allows users to create tailored detection rules using regular expressions and entropy filters for proprietary credential formats.

    Go
    Auf GitHub ansehen↗26,790
  • trufflesecurity/trufflehogAvatar von trufflesecurity

    trufflesecurity/trufflehog

    24,630Auf GitHub ansehen↗

    Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platfor

    Creates specific patterns and validation checks to identify unique types of sensitive data tailored to organizational security requirements.

    Gocredentialsdevsecopsdynamic-analysis
    Auf GitHub ansehen↗24,630
  • casbin/casbinAvatar von casbin

    casbin/casbin

    19,848Auf GitHub ansehen↗

    Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig

    Registers custom logic to evaluate complex relationships between subjects, objects, or domains, allowing a single policy rule to cover multiple resource identifiers.

    Goabacaccess-controlacl
    Auf GitHub ansehen↗19,848
  • dyad-sh/dyadAvatar von dyad-sh

    dyad-sh/dyad

    19,648Auf GitHub ansehen↗

    Dyad is a local, artificial intelligence-powered development environment designed to manage, edit, and scaffold full-stack software projects. It functions as an automated codebase manager and code editor that leverages language models to execute programming tasks, maintain project context, and apply targeted modifications directly to source files on a user's machine. The platform distinguishes itself through a model-agnostic architecture that allows for flexible integration with various language model runtimes. It provides specialized operational modes to optimize development speed and effici

    Allows definition of project-specific security policies in configuration files to customize automated vulnerability scanning.

    TypeScriptai-app-builderanthropicartificial-intelligence
    Auf GitHub ansehen↗19,648
  • fail2ban/fail2banAvatar von fail2ban

    fail2ban/fail2ban

    17,993Auf GitHub ansehen↗

    Fail2ban is an intrusion prevention system that monitors system log files to detect malicious activity and automatically enforce security policies. By parsing log data in real time, the tool identifies patterns of unauthorized access or repeated authentication failures and responds by dynamically updating network access control lists to restrict offending sources. The software functions as a firewall automation tool that maintains stateful tracking of suspicious behavior across various network services. It utilizes a regex-driven pattern matching engine to identify specific attack signatures,

    Allows administrators to define custom regular expression patterns to identify and respond to specific attack signatures.

    Pythonanti-botattack-preventionban-hosts
    Auf GitHub ansehen↗17,993
  • awslabs/git-secretsAvatar von awslabs

    awslabs/git-secrets

    13,177Auf GitHub ansehen↗

    Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository. The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for

    Supports registering custom regular expressions to identify and block specific types of sensitive data from being committed.

    Shell
    Auf GitHub ansehen↗13,177
  • crowdsecurity/crowdsecAvatar von crowdsecurity

    crowdsecurity/crowdsec

    12,574Auf GitHub ansehen↗

    CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl

    Constructs custom pattern-matching logic to inspect HTTP requests for malicious payloads.

    Goattacks-preventiondetectionids
    Auf GitHub ansehen↗12,574
  • kubescape/kubescapeAvatar von kubescape

    kubescape/kubescape

    11,489Auf GitHub ansehen↗

    Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor. The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo

    Provides a framework for defining custom security rules using an expression language to trigger alerts.

    Gobest-practicedevopskubernetes
    Auf GitHub ansehen↗11,489
  • pymumu/smartdnsAvatar von pymumu

    pymumu/smartdns

    10,931Auf GitHub ansehen↗

    SmartDNS is a local recursive DNS resolver and server that manages granular query rules, dual-stack networking, and encrypted gateway proxying. It functions as a DNS traffic filter and DNS64 translator, allowing IPv6-only clients to communicate with IPv4 servers. The project distinguishes itself through parallel upstream querying, which sends requests to multiple servers simultaneously to return the response with the lowest network latency. It supports DNS server virtualization, enabling the operation of multiple independent server instances on different ports, each with its own configuration

    Applies distinct resolution and filtering policies based on the MAC or IP address of the requester.

    Ccdnsdns-over-https
    Auf GitHub ansehen↗10,931
  • bunkerity/bunkerwebAvatar von bunkerity

    bunkerity/bunkerweb

    10,629Auf GitHub ansehen↗

    BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme

    Allows injection of custom server configurations to handle complex use cases or false positives.

    Python
    Auf GitHub ansehen↗10,629
  • neo23x0/sigmaAvatar von Neo23x0

    Neo23x0/sigma

    10,591Auf GitHub ansehen↗

    Sigma is a generic SIEM signature format and log event pattern standard used to describe malicious activity. It provides a vendor-neutral system for defining security event patterns in YAML, ensuring that detection logic remains portable across different monitoring platforms. The project maintains a curated library of peer-reviewed detection rules that identify threats and compliance violations. This standardized approach allows for the exchange of threat hunting logic and the translation of generic signatures into specific queries for various security information and event management systems

    Describes log events using a standardized markup format to identify threats across diverse monitoring systems.

    Python
    Auf GitHub ansehen↗10,591
  • horsicq/detect-it-easyAvatar von horsicq

    horsicq/Detect-It-Easy

    10,266Auf GitHub ansehen↗

    Detect-It-Easy is a binary file identifier and analysis toolkit designed to determine file formats, compilers, and packers. It functions as a binary file identifier that utilizes signature matching and heuristic analysis to identify executable and archive formats. The project includes a custom file signature engine and a scriptable rule system for defining and applying detection logic to identify specific binary patterns. It features specialized detectors for Android packages, such as APK and DEX files, and a malware packer detector to identify protections, obfuscators, and virus families. T

    Implements a domain-specific language allowing users to define custom detection logic for binary pattern matching.

    JavaScriptbinary-analysisdebuggerdetect
    Auf GitHub ansehen↗10,266
  • faisalman/ua-parser-jsAvatar von faisalman

    faisalman/ua-parser-js

    10,140Auf GitHub ansehen↗

    ua-parser-js is a JavaScript library used to extract browser, operating system, and device information from raw user agent strings and client hints. It functions as a cross-platform tool that runs in both web browsers and Node.js server environments to identify web visitors. The library integrates modern HTTP client hint headers to retrieve hardware and browser details with higher accuracy than standard string parsing. It also includes a specialized detector to identify automated AI agents, web crawlers, and bots to distinguish human traffic from automated scripts. The project covers hardwar

    Provides a mechanism to extend detection capabilities by adding custom regular expressions for browser and bot identification.

    JavaScriptanalyticsbot-detectionbrowser-detection
    Auf GitHub ansehen↗10,140
  • virustotal/yaraAvatar von VirusTotal

    VirusTotal/yara

    9,420Auf GitHub ansehen↗

    YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries. The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence. The engine utilizes Aho-Corasick s

    Enables the creation of custom detection rules using strings, wildcards, and regular expressions.

    Cyara
    Auf GitHub ansehen↗9,420
  • github/codeqlAvatar von github

    github/codeql

    9,252Auf GitHub ansehen↗

    CodeQL is a semantic code analysis engine and vulnerability scanning tool that treats source code as data. It utilizes a static analysis query language to define complex patterns and security vulnerabilities within a code graph database. The system represents source code as a relational database, enabling the execution of structural queries and data flow analysis. This approach allows for the detection of security flaws and coding errors across large-scale repositories. The tool provides capabilities for automated code auditing, static analysis security testing, and custom vulnerability dete

    Allows users to define custom detection rules to find tailored bug patterns within a codebase.

    CodeQLcodeqlgithub-advanced-securitygithub-security-lab
    Auf GitHub ansehen↗9,252
  • falcosecurity/falcoAvatar von falcosecurity

    falcosecurity/falco

    8,670Auf GitHub ansehen↗

    Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments

    Allows the adjustment of existing security lists, macros, and rules through appending values or replacing configurations.

    C++cloud-nativecncfcncf-project
    Auf GitHub ansehen↗8,670
  • 0xerr0r/blockyAvatar von 0xERR0R

    0xERR0R/blocky

    6,653Auf GitHub ansehen↗

    Blocky is a stateless DNS proxy that functions as a network-wide ad-blocker and content filter. It operates as a single binary or Docker container with no database or persistent state, accepting DNS queries over UDP, TCP, HTTPS, TLS, QUIC, and HTTP/3 through a unified plugin-based query pipeline. The core of the system is a client-group policy engine that assigns devices to named groups and applies per-group blocklists, allowlists, and upstream resolvers, with all configuration changes applied through hot-reloading without requiring a restart. The project distinguishes itself through its modu

    Applies distinct allow and deny lists to different client groups such as kids or smart home devices.

    Goad-blockeradblockadblocker
    Auf GitHub ansehen↗6,653
  • shibing624/pycorrectorAvatar von shibing624

    shibing624/pycorrector

    6,473Auf GitHub ansehen↗

    pycorrector is an open-source toolkit for detecting and correcting spelling and grammar errors in Chinese text. It combines multiple correction approaches, including rule-based methods using Kenlm n-gram language models and confusion sets, as well as deep learning correctors built on BERT, GPT, and T5 models. The toolkit also provides a command-line interface for batch processing Chinese text files with configurable detection and output options. The project distinguishes itself by offering a range of correction strategies that can be mixed and matched. Rule-based correction uses character-lev

    Adjusts the detection threshold to control how aggressively potential errors are flagged during correction.

    Pythoncscerror-correctionerror-detection
    Auf GitHub ansehen↗6,473
  • crytic/slitherAvatar von crytic

    crytic/slither

    6,141Auf GitHub ansehen↗

    Provides a Python API that lets developers write and integrate their own vulnerability detection rules.

    Pythonethereumsoliditystatic-analysis
    Auf GitHub ansehen↗6,141
  • mandiant/capaAvatar von mandiant

    mandiant/capa

    6,062Auf GitHub ansehen↗

    capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,

    Identifies packed programs and warns users when obfuscation may cause misleading analysis results.

    Python
    Auf GitHub ansehen↗6,062
Vorherige12Nächste
  1. Home
  2. Security & Cryptography
  3. Custom Detection Rules

Unter-Tags erkunden

  • Client Detection Rules1 Sub-TagCustom patterns used specifically to identify browsers, devices, or bots. **Distinct from Custom Detection Rules:** Distinct from Custom Detection Rules which focus on sensitive data, this focuses on client identity.
  • Custom Pattern MatchersUser-defined logic for evaluating complex relationships between subjects, objects, or domains. **Distinct from Custom Detection Rules:** Distinct from custom detection rules: focuses on authorization-specific pattern matching rather than data detection.
  • Detection Artifact DistributionPackaging detection logic into shareable artifacts for deployment across a fleet of endpoints. **Distinct from Custom Detection Rules:** Focuses on the distribution mechanism of rules as artifacts, not the definition of the rules themselves.
  • Detection Scenario InspectorsTools for verifying the configuration and operational status of security detection rules. **Distinct from Custom Detection Rules:** Distinct from Custom Detection Rules: focuses on the inspection and verification of existing rules rather than their definition.
  • Detection Sensitivity TuningAdjustment of security rules via exceptions and overrides to minimize false positives. **Distinct from Custom Detection Rules:** Distinct from Custom Detection Rules by focusing on the tuning and refinement of existing rules rather than their creation.
  • Log Event SignaturesStandardized markup definitions used to describe malicious log events across different platforms. **Distinct from Custom Detection Rules:** Focuses on log event patterns for threat detection rather than patterns for identifying sensitive data/secrets
  • Lua Detection RulesWrites detection rules using Lua scripting to inspect packet payloads and match custom patterns. **Distinct from Custom Detection Rules:** Distinct from Custom Detection Rules: uses Lua scripting for rule logic, not just pattern definitions.
  • Prebuilt Detection Rule Packs2 Sub-TagsReady-made analytics rules that trigger alerts on known attack patterns and suspicious behaviors. **Distinct from Custom Detection Rules:** Distinct from Custom Detection Rules: focuses on pre-built, ready-to-deploy rule packs rather than frameworks for authoring custom rules.
  • Rule Definition Shortcuts1 Sub-TagPredefined patterns and shortcuts for common security scenarios to simplify custom rule writing. **Distinct from Custom Detection Rules:** Provides simplified shortcuts for common security patterns rather than a full framework for defining patterns.
  • Server Configuration OverridesCustom rules for adjusting server behavior and resolving false positives. **Distinct from Custom Detection Rules:** Focuses on overriding server-level routing/behavioral rules rather than just data detection patterns.
  • Stylistic Rule DefinitionsUser-defined logic for identifying specific CSS patterns and stylistic violations. **Distinct from Custom Detection Rules:** Focuses on CSS style and convention patterns rather than security secrets or packet payloads.