



A curated awesome list of learning resources, tools, and best practices for detection engineering—designing, building, and operating detective cybersecurity controls.
Awesome Detection Engineering is a community-maintained directory of high‑quality resources focused on the tactical discipline of detection engineering within cybersecurity. It covers how to design, implement, and operate detective controls that proactively identify malicious or unauthorized activity before it affects individuals or organizations.
Concepts & Frameworks
High-level materials that define and explain detection engineering as a function, including theoretical foundations, workflows, and reference models.
Detection Content & Signatures
Resources focused on authoring and managing detection logic such as rules, signatures, and analytic content (e.g., for SIEM, EDR, IDS/IPS).
Logging, Monitoring & Data Sources
Guidance and references for the telemetry and data needed to support effective detection: log sources, monitoring strategies, and data engineering considerations.
General Resources
Broader learning material related to detection engineering practice, including reading lists, talks, and other educational links.
archive directory for older or superseded content, keeping the main list focused while preserving historical references.
.github/workflows
LICENSE file specifying the terms under which the list and its contents are shared (see repository for exact license text).
contributing.md – Contribution rules and format.
code-of-conduct.md – Expected behavior within the community.