SIEM Specific Detections
Although these are clearly vendor-specific, the way their logic works is useful when implementing similar detection use cases on other platforms.
Elastic
Elastic's detection rules
Microsoft Sentinel / Defender 365
Microsoft Sentinel's detection rules
https://github.com/Azure/Azure-Sentinel/tree/master/Detections
and hunting queries
https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries
This isn't official Sentinel content, but it is still potentially useful if you are running Sentinel.
https://github.com/BlueTeamLabs/sentinel-attack
A curated list of Sentinel KQL queries
https://github.com/reprise99/Sentinel-Queries
Awesome KQL
https://github.com/basedfir/awesomekql
FalconForce's Microsoft Defender for Endpoint Rules
Google Chronicle
Google Chronicle's detection rules
https://github.com/chronicle/detection-rules
Dan Lussier's ruleset for Chronicle
https://github.com/the2dl/chronicle_detection_public
Guide to Chronicle
https://www.crestdatasys.com/blogs/google-chronicle-security-threat-detection-and-hunting/
Splunk
Splunk's Security Essentials detection rules
https://research.splunk.com/detections/
https://docs.splunksecurityessentials.com/content-detail/
https://github.com/splunk/security_content/tree/develop/detections
Splunk use cases from Abdullah Baghuth
Wazuh
The rules for Wazuh, an open-source threat detection platform
Panther Labs
The rules for Panther Labs' security analytics platform. These are particularly cloud-focused.
DNIF
The rules for DNIF's SIEM platform
Sophos
Sophos' IOC repository