I'm not a big fan of the term detection engineering, as I'm of the opinion that you're not an engineer unless you earned an iron ring (I'm Canadian) or at least made something physical, or completed a degree in software engineering.
Writing text files doesn't make you an engineer.
But I get the meaning behind it so let's continue.
- About Detection Engineering by Florian Roth
- How to write detailed YARA rules
- Detailed YARA Style Guide
- YARA Performance Guidelines
- SigmaHQ
- https://github.com/reversinglabs/reversinglabs-yara-rules
- https://github.com/Neo23x0/signature-base (free database for Nextron-Systems' THORLITE scanner or other tools)
- https://github.com/InQuest/awesome-yara - A larger repo of YARA rules than I can possibly collect anytime soon
- My basic YARA repo