Main Sigma Rule Repository

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)

Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques

Elemental - An ATT&CK Threat Library

Sigma Rules Engine inside the Linux Kernel using eBPF. Focusing on prevention capabilities

Sigma rules from Joe Security

Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

Rules generated from our investigations.

Mapping of open-source detection rules and atomic tests.

IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics

Resources To Learn And Understand SIGMA Rules

Sigma rule specification

A repository of my own Sigma detection rules.

SIEGMA - Transform Sigma rules into SIEM consumables

Sigma rules to share with the community

Converts Sigma detection rules to a Splunk alert configuration.

Convert Sigma rules to SIEM queries, directly in your browser.

A Splunk App containing Sigma detection rules, which can be updated from a Git repository.

Log Entry to Sigma Rule Converter

Golang library that implements a sigma log rule parser and match engine.

BlackBerry Threat Research & Intelligence

A Go implementation and parser for Sigma rules.

Sigma Detection Rule Repository

Autonomous open-source security agent for Linux (Apache-2.0). 40 eBPF hooks, 49 detectors, 47 correlation rules, 65 MITRE ATT&CK techniques, AI triage, behavioral DNA cross-IP tracking, mesh defense.

A pySigma wrapper and langchain toolkit for automatic rule creation/translation

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

Open detection standard for AI agent threats. Like Sigma, but for prompt injection, tool poisoning, and MCP attacks. Community-driven -- contributions welcome.

Convert Sigma rules to Wazuh rules

A Splunk app with saved reports derived from Sigma rules