SIEM-Specific Detections

Although these rule sets are vendor-specific, the detection logic they encode (which fields are matched, how events are correlated and deduplicated) carries over when implementing similar detection use cases on other platforms.

Microsoft Sentinel / Microsoft 365 Defender

Wazuh

The detection rule set for Wazuh, an open-source threat detection platform.

https://github.com/wazuh/wazuh/tree/master/ruleset

Panther Labs

The detection rules for Panther Labs' security analytics platform. These are written in Python and are particularly cloud-focused.

https://github.com/panther-labs/panther-analysis
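To make the point above concrete, here is an added example of a Panther-style detection, written for this page and not taken from the panther-analysis repository. It assumes the convention that a Panther rule is a Python module exposing `rule(event)` plus optional `title`, `severity` and `dedup` functions (the real repository also pairs each rule with a YAML spec and uses shared helper libraries, both omitted here). The CloudTrail-shaped events and the `run()` harness are constructed for offline testing; the same matching logic (event name, identity type, outcome, MFA flag) is exactly what you would port to another SIEM.

```python
"""Panther-style detection: successful AWS root account console login.

Added example for this page, not code from panther-labs/panther-analysis.
Assumed rule interface: rule(event) -> bool, plus title/severity/dedup.
The events and the run() harness are constructed test fixtures.
"""
from typing import Any, Dict, List, Optional

# Constructed CloudTrail-shaped records (not real logs).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {   # root login, MFA used -> should alert at MEDIUM
        "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com",
        "userIdentity": {"type": "Root", "accountId": "111111111111"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "sourceIPAddress": "203.0.113.10",
    },
    {   # root login, no MFA -> should alert at HIGH
        "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com",
        "userIdentity": {"type": "Root", "accountId": "111111111111"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
        "sourceIPAddress": "198.51.100.7",
    },
    {   # failed root login -> out of scope for this rule
        "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com",
        "userIdentity": {"type": "Root", "accountId": "111111111111"},
        "responseElements": {"ConsoleLogin": "Failure"},
        "sourceIPAddress": "198.51.100.7",
    },
    {   # ordinary IAM user login -> no alert
        "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "sourceIPAddress": "192.0.2.5",
    },
]


def deep_get(event: Dict[str, Any], *path: str, default: Any = None) -> Any:
    """Safe nested lookup; CloudTrail fields are frequently absent."""
    cur: Any = event
    for key in path:
        if not isinstance(cur, dict):
            return default
        cur = cur.get(key)
        if cur is None:
            return default
    return cur


def rule(event: Dict[str, Any]) -> bool:
    """Match only successful console logins by the account root identity."""
    return (
        event.get("eventName") == "ConsoleLogin"
        and deep_get(event, "userIdentity", "type") == "Root"
        and deep_get(event, "responseElements", "ConsoleLogin") == "Success"
    )


def severity(event: Dict[str, Any]) -> str:
    """Escalate when the login did not use MFA."""
    mfa_used = deep_get(event, "additionalEventData", "MFAUsed", default="No")
    return "MEDIUM" if mfa_used == "Yes" else "HIGH"


def title(event: Dict[str, Any]) -> str:
    ip = event.get("sourceIPAddress", "unknown")
    mfa_used = deep_get(event, "additionalEventData", "MFAUsed", default="No")
    return f"AWS root console login from {ip} (MFA used: {mfa_used})"


def dedup(event: Dict[str, Any]) -> str:
    """Collapse repeated logins from the same account and source IP."""
    account = deep_get(event, "userIdentity", "accountId", default="unknown")
    return f"{account}:{event.get('sourceIPAddress', 'unknown')}"


def run(events: List[Dict[str, Any]]) -> List[Dict[str, str]]:
    """Stand-in for the engine: evaluate rule() and build alerts."""
    return [
        {"title": title(e), "severity": severity(e), "dedup": dedup(e)}
        for e in events
        if rule(e)
    ]


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert["severity"], alert["title"], alert["dedup"])
```

The rule deliberately keys on `responseElements.ConsoleLogin == "Success"` and treats a missing `MFAUsed` field as "No": defaulting the absent field to the safe side is the kind of detail that matters more than the platform syntax when porting a rule to Sentinel, Wazuh or another engine.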

DNIF

The detection rules for DNIF's SIEM platform.

https://github.com/dnif/content

Sophos