
Detections podcast detections mapped to Mitre ATT&CK written in YAML


itpropaul/Detections-Podcast-Detections


Detections-Podcast-Detections

Detections podcast detections in structured YAML file format complete with titles, descriptions, timestamps, references, ATT&CK URLs, and ATT&CK tags.

My hope is that this will be a nice trove of detections for security people to use for threat hunting as well as for rules in their SIEMs, IDSs, IPSs, EDRs, etc.

The logical next step is to take these formatted detections and contribute new Sigma rules where none currently exist.
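As an added example (not code from this repository), here is a small stdlib-only Python check of the kind a reviewer could run over a submitted entry. The field names are assumptions, since the README lists the fields but not their exact keys; the check verifies the timestamp format and that the ATT&CK URLs and the `attack.tNNNN` tags name the same techniques.

```python
import re

# Assumed key names for one detection entry; they mirror the fields the README
# lists (title, description, timestamp, references, ATT&CK URLs, ATT&CK tags).
REQUIRED_FIELDS = ("title", "description", "timestamp", "references",
                   "attack_urls", "tags")
# Sigma-style technique tags, e.g. attack.t1053 or attack.t1053.005;
# tactic tags such as attack.persistence are allowed but not checked here.
TAG_RE = re.compile(r"^attack\.t(\d{4})(?:\.(\d{3}))?$")
URL_RE = re.compile(r"^https://attack\.mitre\.org/techniques/T(\d{4})(?:/(\d{3}))?/?$")
TIMESTAMP_RE = re.compile(r"^\d{1,2}:\d{2}:\d{2}$")

# Constructed sample entry, shaped as yaml.safe_load() would return it from a file.
SAMPLE = {
    "title": "Suspicious scheduled task creation",
    "description": "Discussion of scheduled-task abuse for persistence.",
    "timestamp": "00:14:32",
    "references": ["https://example.invalid/show-notes"],
    "attack_urls": ["https://attack.mitre.org/techniques/T1053/005/"],
    "tags": ["attack.t1053.005", "attack.persistence"],
}

def _technique(main, sub):
    return "t" + main + ("." + sub if sub else "")

def technique_from_url(url):
    """Return the technique id ('t1053.005') encoded in an ATT&CK URL, or None."""
    m = URL_RE.match(url)
    return None if not m else _technique(m.group(1), m.group(2))

def validate_detection(entry):
    """Return a list of problems; an empty list means the entry passes."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in entry]
    if problems:
        return problems
    if not TIMESTAMP_RE.match(str(entry["timestamp"])):
        problems.append(f"bad timestamp: {entry['timestamp']!r}")
    url_techs, tag_techs = set(), set()
    for url in entry["attack_urls"]:
        t = technique_from_url(url)
        if t is None:
            problems.append(f"not an ATT&CK technique URL: {url}")
        else:
            url_techs.add(t)
    for tag in entry["tags"]:
        m = TAG_RE.match(tag)
        if m:
            tag_techs.add(_technique(m.group(1), m.group(2)))
    if not tag_techs:
        problems.append("no attack.tNNNN technique tag")
    # Every technique should be named consistently by both a URL and a tag.
    for t in sorted(url_techs ^ tag_techs):
        problems.append(f"technique {t.upper()} appears in URLs or tags but not both")
    return problems
```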

The first episode can be used as a template for the others. I and any other moderators will review and accept pull requests for new YAML file submissions.

For those interested in helping out with the repository, please see the issues tab before working on an episode.

Choose an episode and click on it. Once you have the episode's issue page open, look at the Projects section on the right-hand side of the page. When you start working on the episode, please change its status from "To do" to "In progress".

You can leave a comment on the issue and either itpropaul or FlannelSec will then assign you to it. This helps ensure that no issue is worked on by multiple people at once, which would slow down the overall project. Once every episode is finished, we can go back over earlier issues and make sure each episode is fully fleshed out.
