| Repo | Latest signal | Updated |
|---|---|---|
| Research | Fix README link checker TOML config | 2026-05-16 |

| Area | What it gives you |
|---|---|
| Detections | KQL, Sigma, SPL, and signal logic. Deploy them. Tell me what's missing. |
| Automation | Validators, collectors, and helper scripts. PRs welcome. |
| Workbooks | SOC-style dashboard and visual analytics artifacts. |
| Research Notes | Malware research notes and public-safe writeups. |
| Releases | Versioned drops of stable lab content. |

Open to contribution. See CONTRIBUTING.md for the ground rules.

| Domain | Tools |
|---|---|
| Detection Engineering | KQL · Sigma · SPL · YARA |
| SIEM Platforms | Microsoft Sentinel · Elastic · Splunk · Chronicle |
| Automation | Python · Bash · PowerShell · GitHub Actions |
| Data & Pipelines | Pandas · Polars · dbt · REST APIs |
| Infrastructure | Linux · Docker · Cloudflare · AWS |

| Rule | What it means |
|---|---|
| Evidence first | No claim ships without an artifact, log reference, or reproducible command. |
| Defensive and authorized | All work is scoped to authorized, public-safe security engineering. |
| No secrets | No credentials, private logs, or personal data in any project artifact. |
| Automation is accountable | Scripts explain what they read, what they changed, and what proves it worked. |
| Disagree? | Open a discussion. Evidence required. |

Built for receipts. The robot is friendly. The owner is not.