Use Case Sets

See also the technology-specific sets.


MITRE's Cyber Analytics Repository (CAR) and D3FEND project

https://car.mitre.org/analytics/ and https://d3fend.mitre.org/


Red Canary's annual Threat Detection Report on the most commonly observed ATT&CK techniques and how to detect them. Very useful.

https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf

https://resource.redcanary.com/rs/003-YRU-314/images/2022_ThreatDetectionReport_RedCanary.pdf


A bit out of date but still useful.

https://github.com/jhainly/det3ct-the-att-ck/blob/master/use%20case%20library.xlsx


Interesting project that extracts TTPs from threat intelligence reports and turns them into detection rules.

https://github.com/vadim-hunter/Detection-Ideas-Rules


Loginsoft's rules, with a particular focus on detecting exploitation of vulnerabilities.

https://github.com/Loginsoft-Research/detection-rules

Sigma

The main Sigma rule repository (SigmaHQ).

https://github.com/SigmaHQ/sigma/tree/master/rules


Sigma rules from Emanuele De Lucia of Cluster25.

https://github.com/edelucia/rules/tree/main/sigma


Sigma rules as above, but with conversion from Sigma into the query formats used by various SIEM products.

https://sigma.socprime.com/


See also Projects for more info on Sigma.
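None of the links above show what a Sigma rule actually looks like, how its selection/filter/condition logic is evaluated, or what a converter produces for a SIEM. The following is an added example written for this page; it is not code from SigmaHQ, SOC Prime or any other project linked here. The rule, the sample events and the Splunk rendering are all constructed for illustration, and only the small subset of Sigma the rule uses is implemented. For real work, use the SigmaHQ rules with sigma-cli/pySigma rather than this toy evaluator.

```python
# Added example: a minimal Sigma-style rule evaluator plus an illustrative Splunk
# renderer. The rule mirrors SigmaHQ's YAML layout as a Python dict so this runs
# without PyYAML; events are constructed Sysmon-style records, not real telemetry.
import fnmatch
import re

# Constructed rule (not from SigmaHQ): whoami.exe spawned by a shell, excluding
# a hypothetical admin-tooling directory.
RULE = {
    "title": "Whoami Execution From Shell",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\whoami.exe",
            "ParentImage|endswith": ["\\cmd.exe", "\\powershell.exe"],
        },
        "filter": {"CommandLine|contains": "admin-tooling"},
        "condition": "selection and not filter",
    },
    "level": "medium",
}

# Constructed events: #0 fires, #1 is excluded by the filter, #2 has a non-shell parent.
EVENTS = [
    {"Image": r"C:\Windows\System32\whoami.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "CommandLine": "whoami /all"},
    {"Image": r"C:\Windows\System32\whoami.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"whoami /groups  # started by C:\admin-tooling\inv.ps1"},
    {"Image": r"C:\Windows\System32\whoami.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "whoami"},
]

def _field_matches(value, mods, expected):
    # Sigma string modifiers; Sigma compares strings case-insensitively.
    if value is None:
        return False
    v, e = str(value).lower(), str(expected).lower()
    if "contains" in mods:
        return e in v
    if "startswith" in mods:
        return v.startswith(e)
    if "endswith" in mods:
        return v.endswith(e)
    return fnmatch.fnmatchcase(v, e)  # plain values allow * and ? wildcards

def _selection_matches(selection, event):
    # Fields within a selection are ANDed; a list of values is ORed unless |all.
    for key, expected in selection.items():
        field, *mods = key.split("|")
        values = expected if isinstance(expected, list) else [expected]
        hits = [_field_matches(event.get(field), mods, v) for v in values]
        if not (all(hits) if "all" in mods else any(hits)):
            return False
    return True

def evaluate(rule, event):
    # Supports conditions of the form 'a and not b', 'a or b and c' (no
    # parentheses or '1 of selection*' forms, which real Sigma also allows).
    det = rule["detection"]
    truth = {n: _selection_matches(s, event) for n, s in det.items() if n != "condition"}

    def term(t):
        t = t.strip()
        return not truth[t[4:]] if t.startswith("not ") else truth[t]

    return any(all(term(t) for t in disj.split(" and "))
               for disj in det["condition"].split(" or "))

def matching_indexes(rule=RULE, events=EVENTS):
    return [i for i, e in enumerate(events) if evaluate(rule, e)]

def to_splunk(rule):
    # Illustrative Splunk rendering, a stand-in for a real backend such as
    # pySigma's; shows the kind of query a converter produces from one rule.
    det = rule["detection"]

    def render(selection):
        parts = []
        for key, expected in selection.items():
            field, *mods = key.split("|")
            clauses = []
            for v in (expected if isinstance(expected, list) else [expected]):
                v = str(v).replace("\\", "\\\\").replace('"', '\\"')
                v = (f"*{v}*" if "contains" in mods else f"{v}*" if "startswith" in mods
                     else f"*{v}" if "endswith" in mods else v)
                clauses.append(f'{field}="{v}"')
            joiner = " AND " if "all" in mods else " OR "
            parts.append(f"({joiner.join(clauses)})" if len(clauses) > 1 else clauses[0])
        return " AND ".join(parts)

    keywords = {"and": "AND", "or": "OR", "not": "NOT"}
    return re.sub(r"\w+", lambda m: keywords.get(m.group(0)) or f"({render(det[m.group(0)])})",
                  det["condition"])
```

Running matching_indexes() returns [0]: the cmd.exe-spawned whoami fires, the PowerShell one is suppressed by the filter, and the explorer.exe one never satisfies the selection. to_splunk(RULE) shows why converter output needs review before deployment: field names, wildcard semantics and escaping (note the doubled backslashes) all depend on the target SIEM's field mapping, which is exactly what the SOC Prime converter linked above handles per product.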

Commercial Sets

SOC Prime - paid packs with some free Sigma rules

https://my.socprime.com/tdm/

Vendor Listicles

Usually hopeless, but this isn't a bad list of ideas. It links to Peerlyst, though, which is dead.


https://surelog.medium.com/detecting-unusual-activities-using-a-next-generation-siem-use-cases-cb2e3a43b0ac