Threat Detection Marketplace – Getting Ready to Explore

Threat Detection Marketplace is a community-based library of relevant and actionable threat detection content that has been uniting cybersecurity content authors to stand on the defensive of cyberspace to deliver the best content to the community for five years already. TDM provides ready-made tested Rule Packs, SIGMA rules, parsers, natively integrating applications as well as support services for the most used SIEM platforms. The content is mapped against the MITRE ATT&CK matrix. Each technique has a list of security-sensitive platforms, examples of known attacks, detection instructions that along with the number of rules that are aimed at spotting suspicious behavior and protecting the company’s infrastructure.

Looking for threat detecting content at TDM with more than 32k rules is much easier than picking a needle out of the haystack, though it may not seem so. We’ve garnished the searching capabilities with the profile configuration option. Rule Master allows flexible customization to display the content that best meets your company’s security requirements by specifying information about the environment so that you will be informed about the most suitable, recommendable and up-do-day content first. However, the Rule Master doesn’t oblige you to look through the Rules that only meet your profile configuration. You can easily switch on/off this option in the Filter panel.

Also, the Filter panel allows displaying content that meets certain criteria: platforms, OS, log sources, data sources, executor, content authors, etc. You may indicate the required content type, content availability type, or even specify the type of Sigma rule – IOC, Threat hunting, or Compliance. If you looking for the content focusing on MITRE methodology, you can filter out the content that is mapped against certain Actors, Tools, Tactics or Techniques.

Not least of all available search tools at TDM is the Search panel. On the surface, it seems to be pretty simple and obvious – you can type whatever you are looking for and it suggests you the TMD content color-marking its category. But we’ve brightened up the Search panel with Elastic stack search capabilities, namely Lucene query syntax option, making it possible to specify the field names, run wildcards, embed regular expressions, use the “fuzzy” operator, specify the edit distance of specified words with proximity searches, use the boost operator, grouping, reserved characters, etc. Read more about Lucene query syntax here:

Have you already got an account at Threat Detection Marketplace? Tell us about your experience with looking for the threat detection content ar TDM.
Or join the world’s largest Threat Detection Marketplace now: