Detections

Case studies first, then verified library content

The repo ships multi-platform detection content and IR playbooks with reproducible counts. Every number on this page is verified and can be reproduced today by running the verification script in the repo; there are no inflated totals and no hand-waving.

Case Studies

What the detections actually caught

Read the write-ups to understand the context behind the rule counts: what triggered, how it was triaged, what changed.

Detection Library

Expandable detection content

Multi-platform detection content organized by format. Each format entry lists what it contains together with the command that reproduces its count.

Verify: pwsh -NoProfile -File .\scripts\verify\verify-counts.ps1

Run it from the repository root, since the script path is relative. -NoProfile keeps your PowerShell profile out of the run, so the reported counts do not depend on anything a local profile loads.

Mapping and Testing

MITRE ATT&CK tactic coverage

Sigma rules are organized by tactic folder. The table below shows which ATT&CK tactics have detection coverage. Each tactic entry lists example techniques and pivots.

Full tactic-to-rule mapping lives in detection-rules/INDEX.md in the repo. Browse on GitHub →
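As an added example (not the repo's verify-counts.ps1 and not code from the project), the following script shows how a reproducible tactic-coverage table like the one above can be derived from a Sigma tree. It assumes a layout of detection-rules/sigma/<tactic>/<rule>.yml with lowercase hyphenated tactic folder names (the page only says rules sit in tactic folders; the root path and naming are assumptions), reads only the title, id and tags of each rule, and cross-checks the folder a rule is filed under against its attack.* tags. That cross-check is what keeps a count honest: a rule filed under the wrong tactic inflates one row and starves another, and a duplicate id makes two files look like two detections. The sample rules are constructed for this example and are not from the repository.

```python
"""Derive a Sigma tactic-coverage table from a detection-rules tree.

Added example, not the repository's own verify-counts.ps1. Assumes
detection-rules/sigma/<tactic>/<rule>.yml, where <tactic> is a lowercase
hyphenated ATT&CK tactic and each rule carries Sigma tags of the form
attack.<tactic> (underscores) and attack.tNNNN[.NNN].
"""
from __future__ import annotations

import re
from collections import defaultdict
from pathlib import Path

# ATT&CK Enterprise tactics in kill-chain order, spelled as folder names.
TACTICS = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]
TACTIC_TAGS = {t.replace("-", "_") for t in TACTICS}  # Sigma tags use underscores
TECH_RE = re.compile(r"^t\d{4}(\.\d{3})?$")


def parse_rule(text: str) -> dict:
    """Read top-level title, id and the tags block without a YAML library.

    Only those three fields matter for a coverage count; the detection
    logic is left untouched. Indented keys never match because the
    startswith checks run on the unstripped line.
    """
    meta = {"title": None, "id": None, "tags": []}
    in_tags = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if in_tags:
            m = re.match(r"^\s+-\s+(\S+)", line)
            if m:
                meta["tags"].append(m.group(1).lower())
                continue
            in_tags = False  # first non-item line closes the tags block
        if line.startswith("title:"):
            meta["title"] = line.split(":", 1)[1].strip()
        elif line.startswith("id:"):
            meta["id"] = line.split(":", 1)[1].strip()
        elif line.startswith("tags:"):
            in_tags = True
    return meta


def coverage(rules: dict[str, str]) -> dict:
    """Count rules per tactic folder and flag rules that would skew the count.

    `rules` maps a path relative to the sigma root (e.g.
    "execution/proc_creation_win_foo.yml") to the rule text. Problems
    reported: folder/tag tactic mismatch, missing technique tag, duplicate id,
    unknown folder.
    """
    counts = {t: 0 for t in TACTICS}
    techniques: dict[str, set] = defaultdict(set)
    problems, seen_ids = [], {}
    for path, text in sorted(rules.items()):
        folder = path.split("/", 1)[0]
        if folder not in counts:
            problems.append(f"{path}: unknown tactic folder '{folder}'")
            continue
        counts[folder] += 1
        meta = parse_rule(text)
        tags = [t[len("attack."):] for t in meta["tags"] if t.startswith("attack.")]
        tag_tactics = {t for t in tags if t in TACTIC_TAGS}
        techs = {t.upper() for t in tags if TECH_RE.match(t)}
        if folder.replace("-", "_") not in tag_tactics:
            problems.append(f"{path}: filed under {folder} but tagged "
                            f"{sorted(tag_tactics) or 'no tactic'}")
        if not techs:
            problems.append(f"{path}: no attack.tNNNN technique tag")
        techniques[folder].update(techs)
        rid = meta["id"]
        if rid:
            if rid in seen_ids:
                problems.append(f"{path}: duplicate id {rid} (also {seen_ids[rid]})")
            seen_ids[rid] = path
    return {"counts": counts, "total": sum(counts.values()),
            "techniques": {k: sorted(v) for k, v in techniques.items()},
            "problems": problems}


def render_table(cov: dict) -> str:
    """Markdown table in INDEX.md style: tactic, rule count, techniques."""
    rows = ["| Tactic | Rules | Techniques |", "|---|---:|---|"]
    for t in TACTICS:
        n = cov["counts"][t]
        techs = ", ".join(cov["techniques"].get(t, [])) or "-"
        rows.append(f"| {t} | {n} | {techs if n else '(no coverage)'} |")
    rows.append(f"| total | {cov['total']} | |")
    return "\n".join(rows)


def load_tree(root: Path) -> dict[str, str]:
    """Read every .yml/.yaml under root, e.g. Path('detection-rules/sigma')."""
    return {p.relative_to(root).as_posix(): p.read_text(encoding="utf-8")
            for p in sorted(root.rglob("*")) if p.suffix in (".yml", ".yaml")}


# Constructed sample rules (not from the repo) so the block runs offline.
# The third rule is deliberately wrong: filed under persistence, tagged with
# a different tactic, no technique tag, and it reuses the second rule's id.
SAMPLE_RULES = {
    "execution/proc_creation_win_encoded_powershell.yml": """\
title: Encoded PowerShell Command Line
id: 11111111-1111-4111-8111-111111111111
logsource:
  product: windows
  category: process_creation
detection:
  selection:
    Image|endswith: '\\powershell.exe'
    CommandLine|contains: ' -enc'
  condition: selection
tags:
  - attack.execution
  - attack.t1059.001
level: medium
""",
    "credential-access/proc_access_win_lsass_dump.yml": """\
title: LSASS Memory Access From Untrusted Process
id: 22222222-2222-4222-8222-222222222222
logsource:
  product: windows
  category: process_access
detection:
  selection:
    TargetImage|endswith: '\\lsass.exe'
  condition: selection
tags:
  - attack.credential_access
  - attack.t1003.001
level: high
""",
    "persistence/registry_set_run_key.yml": """\
title: Run Key Set by Script Host
id: 22222222-2222-4222-8222-222222222222
logsource:
  product: windows
  category: registry_set
detection:
  selection:
    TargetObject|contains: '\\CurrentVersion\\Run\\'
  condition: selection
tags:
  - attack.privilege_escalation
level: medium
""",
}

if __name__ == "__main__":
    import sys
    rules = load_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_RULES
    result = coverage(rules)
    print(render_table(result))
    for problem in result["problems"]:
        print("PROBLEM:", problem)
```

Run it with no arguments to see the constructed sample (three rules, three problems reported for the deliberately bad one), or pass the path to a sigma root to count a real tree. A verification script should fail, not just warn, when the problems list is non-empty; otherwise the published total can drift from the number of rules that actually map to the tactic they are filed under.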