#

sigma-rules

Here are 107 public repositories matching this topic...

ion-storm / sysmon-config

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

Updated Nov 5, 2023
PowerShell

wagga40 / Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

detection logs python3 forensics dfir sysmon auditd sigma evtx sigma-rules dfir-automation forensics-tools pysigma dfir-tools evtxtract

Updated Apr 6, 2026
Python

Elemental-attack / Elemental

Elemental - An ATT&CK Threat Library

attack-detection threat-intelligence attack-defense mitre-attack atomicredteam sigma-rules

Updated Dec 8, 2022
HTML

krdmnbrk / AttackRuleMap

Mapping of open-source detection rules and atomic tests.

splunk atomicredteam detection-engineering sigma-rules

Updated Feb 16, 2026
Python

IOK

phish-report / IOK

IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics

phishing phishing-kit phishing-detection sigma-rules

Updated Apr 24, 2025
Go

nasbench / SIGMA-Resources

Resources To Learn And Understand SIGMA Rules

windows linux rules learning awesome detection resources sigma detection-engineering sigma-rules

Updated Feb 14, 2023

InnerWarden / innerwarden

Autonomous open-source security agent for Linux (Apache-2.0). 40 eBPF hooks, 49 detectors, 47 correlation rules, 65 MITRE ATT&CK techniques. AI triage + intelligent notifications + zero-trust MDR + regression safety net. Behavioral DNA cross-IP tracking. Mesh defense.

Updated Apr 18, 2026
Rust

blackberry / threat-research-and-intelligence

BlackBerry Threat Research & Intelligence

machine-learning research artificial-intelligence iocs yara-rules threatintelligence suricata-rules sigma-rules

Updated Oct 20, 2023
Jupyter Notebook

Agent-Threat-Rule / agent-threat-rules

Open detection standard for AI agent threats. Like Sigma, but for prompt injection, tool poisoning, and MCP attacks. Community-driven -- contributions welcome.

owasp ai-security threat-detection sigma-rules prompt-injection llm-security agent-security mcp-security

Updated Apr 18, 2026
TypeScript

AttackIQ / SigmAIQ

A pySigma wrapper and langchain toolkit for automatic rule creation/translation

security python3 sigma security-tools detection-engineering sigma-rules llm langchain

Updated Nov 3, 2025
Python

3CORESec / S2AN

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

suricata threat-hunting threat-modeling sigma mitre-attack suricata-rules sigma-rules

Updated Dec 8, 2022
C#

ThreatHunting-Keywords-sigma-rules

mthcht / ThreatHunting-Keywords-sigma-rules

Sigma detection rules for hunting with the threathunting-keywords project

dfir threat-hunting siem blueteam detection-rules mitre-attack threat-detection threathunting detection-engineering sigma-rules forensicartifacts

Updated Mar 2, 2025
Python

panguard-ai / panguard-ai

Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence across all users. | AI Agent 開源安全平台 -- 安裝前審計 skill、24/7 即時監控、社群共享威脅情報。

open-source typescript mcp cybersecurity yara threat-intelligence ai-security threat-detection sigma-rules ai-agent prompt-injection llm-security tool-poisoning

Updated Apr 18, 2026
TypeScript

Saeros-Security / Saeros

Open source HIDS tailored for Microsoft Windows and Active Directory

windows security events csharp dotnet wpf detection incident-response forensics dfir cybersecurity etw threat-hunting sigma blueteam windows-event-logs sigma-rules forensics-tools

Updated Feb 13, 2026
C#

gl0bal01 / malware-analysis-claude-skills

Complete Claude skills toolkit for professional malware analysis. 5 specialized skills covering triage, dynamic analysis, detection engineering, and reporting. Works with REMnux/FlareVM offline environments.

incident-response reverse-engineering cybersecurity suricata reverse malware-analysis malware-research yara-rules threat-intelligence malware-detection security-research blue-team sigma-rules malware-triage remnux claude-ai flarevm claude-skills

Updated Apr 12, 2026
Python

u-siem / u-siem-core

Framework definitions that allow to build a custom SIEM.

rust security siem sigma-rules

Updated Sep 23, 2024
Rust

sysflow-telemetry / sf-processor

SysFlow edge processing pipeline

rules real-time analytics plugins rules-engine sigma falco otel open-telemetry sigma-rules falco-rules otel-agent

Updated Jan 15, 2025
Go

marirs / sigma-convert

Convert Sigma Rules to different formats

rust-lang sigma rust-crate sigma-rules sigma-convert

Updated Aug 12, 2024
Rust

sigma2stix

muchdogesec / sigma2stix

⚠️ ARCHIVED**: This repository is no longer actively maintained. All Sigma rules are now managed and available in SIEM Rules

stix2 sigma-rules

Updated Mar 19, 2026
Python

RussianPanda95 / Sigma-Rules

Repository of Sigma Rules

malware-research malware-detection sigma-rules technique-detection

Updated Apr 20, 2025

Improve this page

Add a description, image, and links to the sigma-rules topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the sigma-rules topic, visit your repo's landing page and select "manage topics."