
Google Security Operations Detection Rules

This repository contains sample detection rules and dashboards for use within Google Security Operations.

Rules within the community directory were created by the Google Security Operations Security team and members of the Google Security Operations user community. These rules use the latest YARA-L syntax and provide a starter set of rules that can be used with Google Security Operations' entity graph, applied to other use cases, or taken as inspiration for new ones.

Rules within the soc_prime_rules directory were created by SOC Prime and made available to Google Security Operations Customers.

Before deploying any rule, test it with Google Security Operations' test rule functionality. This is considered a best practice and gives you the opportunity to tune the rule to your environment before it starts creating alerts.

Dashboard YAML files can be imported into Google Security Operations dashboards using the Add - Import Dashboard capability found next to the Personal Dashboards or Shared Dashboards section of the UI. The intent of this is to provide sample dashboards that can serve as templates, inspiration or starting points for your own dashboards and can be modified as you see fit.

Getting Started

Rules can be created within your Google Security Operations instance by using the Rules Editor. Simply download the rule from the repository and copy the content of the rule to the rule editor when creating a new rule.

To automate rule creation, APIs are available to create, update, and delete rules.

Detailed instructions can be found in your Google Security Operations instance under documentation.

How to Contribute

Interested in contributing to this project? We'd love to hear from you! Example contributions include new detection rules and updates to existing rules.

Please refer to our contribution guide for further information.

Our style guide for authoring YARA-L detection rules can be found here.

Documentation

Detection API and UI

YARA-L 2.0 rules and UDM

Code Samples

Contributors

threat-punter, gssincla-g, jason-wg, dandye, goog-cmmartin, jacks-reid, rixgh, shapor, venkatax, rtwhite-chronicle
