Defensive Rules

I wanted this to be a place where I could save the detection rules I had customized to better find what I didn’t see in abundance.

Defensive Rules is a curated collection of Sigma detection rules authored by Infinit3i, with contributions from and collaboration with deej1721 and B0und13ss. The repository is organized by data source (Windows, Syslog, and Zeek among them), with the goal of providing defenders a centralized, modular library for building and deploying detections across multiple environments and SIEM platforms.

The primary objective of this project is clarity and reusability. Each rule is written to be easily understood, customized, and mapped to MITRE ATT&CK, enabling defenders to reason about coverage gaps and adversary behavior rather than treating detections as opaque alerts. The rules focus on high-signal attacker activity observed in real-world environments, rather than overly generic or noisy patterns.
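As an added example (not code from the Defensive Rules repository), the following Python lint checks a parsed Sigma rule against the two conventions described above: every rule carries MITRE ATT&CK tactic and technique tags, and a rule's `logsource` agrees with the data-source directory it is stored under. The directory-to-logsource mapping and the two sample rules are assumptions constructed for this example; parsing the YAML is left to the caller (for instance `yaml.safe_load`), so the block itself has no third-party dependency.

```python
"""Lint Sigma rules for the conventions a data-source-organized repository
relies on: every rule mapped to MITRE ATT&CK, every rule filed under the
directory matching its logsource. Added example, not repository code."""
from __future__ import annotations

import re
from typing import Any

# Top-level directories named in the post, mapped to the Sigma logsource
# values a rule stored under each is expected to declare.
# ASSUMPTION: the exact logsource values are constructed for this example.
DATA_SOURCE_DIRS = {
    "windows": {"product": "windows"},
    "syslog": {"product": "linux"},
    "zeek": {"product": "zeek"},
}

# Sigma ATT&CK tag conventions: attack.t1059 / attack.t1059.001 for a
# technique or sub-technique, attack.execution style names for a tactic.
ATTACK_TECHNIQUE = re.compile(r"^attack\.t\d{4}(\.\d{3})?$")
ATTACK_TACTIC = re.compile(r"^attack\.[a-z_]+$")

REQUIRED_KEYS = ("title", "id", "status", "logsource", "detection", "level")


def lint_rule(path: str, rule: dict[str, Any]) -> list[str]:
    """Return findings for one parsed Sigma rule (empty list if clean).

    `rule` is the mapping yaml.safe_load() would produce from the rule file;
    `path` is the rule's path relative to the repository root.
    """
    findings: list[str] = []
    for key in REQUIRED_KEYS:
        if key not in rule:
            findings.append(f"{path}: missing required key '{key}'")

    # A detection block without a condition never fires in any backend.
    if "condition" not in rule.get("detection", {}):
        findings.append(f"{path}: detection block has no 'condition'")

    # ATT&CK mapping: require at least one tactic and one technique tag.
    tags = rule.get("tags", [])
    if not any(ATTACK_TECHNIQUE.match(t) for t in tags):
        findings.append(f"{path}: no MITRE ATT&CK technique tag (attack.tNNNN)")
    if not any(ATTACK_TACTIC.match(t) for t in tags):
        findings.append(f"{path}: no MITRE ATT&CK tactic tag (attack.<tactic>)")

    # Data-source layout: the top-level directory must match the logsource.
    top_dir = path.replace("\\", "/").split("/")[0].lower()
    expected = DATA_SOURCE_DIRS.get(top_dir)
    if expected is None:
        findings.append(
            f"{path}: not under a known data-source directory {sorted(DATA_SOURCE_DIRS)}"
        )
    else:
        logsource = rule.get("logsource", {})
        for field, value in expected.items():
            if logsource.get(field) != value:
                findings.append(
                    f"{path}: logsource.{field}={logsource.get(field)!r}, "
                    f"expected {value!r} for {top_dir}/"
                )
    return findings


def lint_repository(rules: dict[str, dict[str, Any]]) -> list[str]:
    """Lint a mapping of relative rule path -> parsed rule, in path order."""
    findings: list[str] = []
    for path, rule in sorted(rules.items()):
        findings.extend(lint_rule(path, rule))
    return findings


# Constructed sample rules (not from the repository): one following the
# conventions, one filed under the wrong directory with no ATT&CK mapping.
GOOD_RULE = {
    "title": "Example rule following the repository conventions",
    "id": "00000000-0000-4000-8000-000000000001",  # placeholder UUID
    "status": "experimental",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {"CommandLine|contains": "placeholder-pattern"},
        "condition": "selection",
    },
    "level": "medium",
    "tags": ["attack.execution", "attack.t1059"],
}

BAD_RULE = {
    "title": "Example rule missing its ATT&CK mapping",
    "id": "00000000-0000-4000-8000-000000000002",  # placeholder UUID
    "status": "experimental",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {"selection": {"placeholder-field": "placeholder-value"}},
    "level": "low",
    "tags": [],
}

if __name__ == "__main__":
    sample_repo = {"windows/process_creation/good.yml": GOOD_RULE, "zeek/bad.yml": BAD_RULE}
    for finding in lint_repository(sample_repo):
        print(finding)
```

Run against a real checkout, the caller would walk the rule directories, `yaml.safe_load` each file, and pass the resulting path-to-rule mapping to `lint_repository`; a non-empty result is a natural CI gate for the repository's own conventions.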

This post is licensed under CC BY 4.0 by the author.