🛡️ Cybersecurity Tools 📋GRC & Compliance 🔒Privacy & Legal 🎓Training & Awareness

Browse All Products →

Pricing About Blog

Sign In Register

Home/Products/Cybersecurity Tools/Detection & Threat Hunting

Detection & Threat Hunting

Splunk SPL, KQL, Elastic, and Sigma detection rules for threat hunting — 35 products

Categories

🛡️Cybersecurity Tools115

Detection & Threat Hunting35 Scripts & Automation32 Incident Response16 Hardening & Baselines12 Security Architecture & Operations18 NSA CSfC Continuous Monitoring2

📋GRC & Compliance117

🔒Privacy & Legal106

🎓Training & Awareness5

Frameworks

CCPA CIS CMMC DORA FedRAMP GDPR GLBA HIPAA ISO-20000 ISO-22301 ISO-27001 ISO-9001 ITIL NIS2 NIST-800-171 NIST-800-53

Clear all filters

NIST-CSFCISNIST-800-53+2

Sigma Rules — Full MITRE ATT&CK Coverage

NIST-CSFCISNIST-800-53+2

Sigma Rules Pack — Cloud Attacks

NIST-CSFCISNIST-800-53+2

Sigma Rules Pack — Web Application Attacks

6 Sigma detection rules for web application attacks mapped to MITRE T1190, T1059.007, CIS v8 §16, ISO A.8.29, NIST SI-10

NIST-CSFCISNIST-800-53+2

Sigma Rules Pack — Linux Threats

10 Sigma detection rules for Linux threats mapped to MITRE ATT&CK v14, CIS v8 §10, ISO A.8.8, NIST SI-4

NIST-CSFCISNIST-800-53+2

Sigma Rules Pack — Windows Threats

10 Sigma detection rules for Windows threats mapped to MITRE ATT&CK v14, CIS v8 §10, ISO A.8.8, NIST SI-4

NIST-CSFCISNIST-800-53+2

Elastic — Threat Intelligence Integration Pack

NIST-CSFCISNIST-800-53+3

Elastic — Cloud Monitoring Rules AWS GCP

NIST-CSFCISNIST-800-53+2

Elastic — MITRE ATT&CK Rule Pack

20 NDJSON rule files + MITRE Coverage Matrix XLSX covering all 14 ATT&CK tactics

NIST-CSFCISNIST-800-53+2

Elastic — Endpoint Threat Detection Rules

6 NDJSON endpoint detection rules mapped to MITRE T1059/T1055/T1547, CIS v8, ISO A.8.8, NIST SI-3

NIST-CSFCISNIST-800-53+2

Elastic — Active Directory Threat Detection

6 NDJSON AD threat detection rules mapped to MITRE T1558/T1078/T1087, CIS v8, ISO A.5.15, NIST AC-2

NIST-CSFCISNIST-800-53+2

Elastic SIEM Detection Rules Pack

10 NDJSON detection rule files mapped to MITRE ATT&CK v14, CIS v8, ISO A.5.7, NIST IR-4

NIST-CSFCISNIST-800-53+3

KQL — Network and Firewall Anomaly Detection

NIST-CSFCISNIST-800-53+2

KQL — Windows Security Event Detection

NIST-CSFCISNIST-800-53+2

KQL — Sentinel Workbook Templates

NIST-CSFCISNIST-800-53+2

KQL — MITRE ATT&CK Coverage Pack

NIST-CSFCISNIST-800-53+2

KQL — Cloud Resource Abuse Detection

NIST-CSFCISNIST-800-53+2

KQL — Office 365 Threat Detection

NIST-CSFCISNIST-800-53+2

KQL — Insider Threat Detection Pack

NIST-CSFCISNIST-800-53+2

KQL — Ransomware Detection and Response

NIST-CSFCISNIST-800-53+2

KQL — Microsoft Defender Threat Hunting

NIST-CSFCISNIST-800-53+2

KQL — Azure AD Entra ID Attack Detection

NIST-CSFCISNIST-800-53+2

KQL Detection Pack — Microsoft Sentinel

NIST-CSFCISNIST-800-53+2

Splunk SPL — Compliance Reporting Queries

NIST-CSFCISNIST-800-53+2

Splunk SPL — Web Application Attack Detection

NIST-CSFCISNIST-800-53+3

Splunk SPL — Privileged Account Monitoring

NIST-CSFCISNIST-800-53+2

Splunk SPL — MITRE ATT&CK Coverage Pack

NIST-CSFCISNIST-800-53+2

Splunk SPL — Phishing and Email Threat Queries

NIST-CSFCISNIST-800-53+2

Splunk SPL — Endpoint Detection Queries

NIST-CSFCISNIST-800-53+3

Splunk SPL — Network Anomaly Detection

NIST-CSFCISNIST-800-53+2

Splunk SPL — Cloud Azure Threat Detection

NIST-CSFCISNIST-800-53+2

Splunk SPL — Cloud AWS Threat Detection

NIST-CSFCISNIST-800-53+2

Splunk SPL — Insider Threat Detection Pack

NIST-CSFCISNIST-800-53+2

Splunk SPL — Ransomware Detection Queries

NIST-CSFCISNIST-800-53+2

Splunk SPL — Active Directory Attack Detection

NIST-CSFCISNIST-800-53+2

Splunk SPL Detection Pack — Threat Hunting