VOOZH

URL: https://github.com/topics/sigma-rules

⇱ sigma-rules · GitHub Topics · GitHub

#

sigma-rules

Here are 100 public repositories matching this topic...

ion-storm / sysmon-config

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

graylog logging forensics dfir sysmon threat-hunting siem threat-sharing threatintel netsec sysinternals graylog-plugin forensic-analysis threat-analysis threat-intelligence humio mitre-attack sigma-rules forensicartifacts digitalforensics

Updated
PowerShell

wagga40 / Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

detection logs python3 forensics dfir sysmon auditd sigma evtx sigma-rules dfir-automation forensics-tools pysigma dfir-tools evtxtract

Updated
Python

Elemental-attack / Elemental

Elemental - An ATT&CK Threat Library

attack-detection threat-intelligence attack-defense mitre-attack atomicredteam sigma-rules

Updated
HTML

krdmnbrk / AttackRuleMap

Mapping of open-source detection rules and atomic tests.

splunk atomicredteam detection-engineering sigma-rules

Updated
Python

phish-report / IOK

IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics

phishing phishing-kit phishing-detection sigma-rules

Updated
Go

nasbench / SIGMA-Resources

Resources To Learn And Understand SIGMA Rules

windows linux rules learning awesome detection resources sigma detection-engineering sigma-rules

Updated

blackberry / threat-research-and-intelligence

BlackBerry Threat Research & Intelligence

machine-learning research artificial-intelligence iocs yara-rules threatintelligence suricata-rules sigma-rules

Updated
Jupyter Notebook

AttackIQ / SigmAIQ

A pySigma wrapper and langchain toolkit for automatic rule creation/translation

security python3 sigma security-tools detection-engineering sigma-rules llm langchain

Updated
Python

3CORESec / S2AN

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

suricata threat-hunting threat-modeling sigma mitre-attack suricata-rules sigma-rules

Updated
C#

InnerWarden / innerwarden

Autonomous open-source security agent for Linux (Apache-2.0). 40 eBPF hooks, 49 detectors, 208 Sigma rules, MITRE ATT&CK coverage, AI agent protection, mesh defense.

linux rust security opensource kernel honeypot firewall incident-response intrusion-detection ebpf yara anomaly-detection threat-detection apache-2 sigma-rules host-security ai-agent-security correlation-engine autonomous-defense agent-guard

Updated
Rust

👁 ThreatHunting-Keywords-sigma-rules

mthcht / ThreatHunting-Keywords-sigma-rules

Sigma detection rules for hunting with the threathunting-keywords project

dfir threat-hunting siem blueteam detection-rules mitre-attack threat-detection threathunting detection-engineering sigma-rules forensicartifacts

Updated
Python

Agent-Threat-Rule / agent-threat-rules

Open detection standard for AI agent threats. Like Sigma, but for prompt injection, tool poisoning, and MCP attacks. Community-driven -- contributions welcome.

owasp ai-security threat-detection sigma-rules prompt-injection llm-security agent-security mcp-security

Updated
TypeScript

Saeros-Security / Saeros

Open source HIDS tailored for Microsoft Windows and Active Directory

windows security events csharp dotnet wpf detection incident-response forensics dfir cybersecurity etw threat-hunting sigma blueteam windows-event-logs sigma-rules forensics-tools

Updated
C#

panguard-ai / panguard-ai

Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence across all users. | AI Agent 開源安全平台 -- 安裝前審計 skill、24/7 即時監控、社群共享威脅情報。

open-source typescript mcp cybersecurity yara threat-intelligence ai-security threat-detection sigma-rules ai-agent prompt-injection llm-security tool-poisoning

Updated
TypeScript

u-siem / u-siem-core

Framework definitions that allow to build a custom SIEM.

rust security siem sigma-rules

Updated
Rust

gl0bal01 / malware-analysis-claude-skills

Complete Claude skills toolkit for professional malware analysis. 5 specialized skills covering triage, dynamic analysis, detection engineering, and reporting. Works with REMnux/FlareVM offline environments.

incident-response reverse-engineering cybersecurity suricata reverse malware-analysis malware-research yara-rules threat-intelligence malware-detection security-research blue-team sigma-rules malware-triage remnux claude-ai flarevm claude-skills

Updated
Python

sysflow-telemetry / sf-processor

SysFlow edge processing pipeline

rules real-time analytics plugins rules-engine sigma falco otel open-telemetry sigma-rules falco-rules otel-agent

Updated
Go

marirs / sigma-convert

Convert Sigma Rules to different formats

rust-lang sigma rust-crate sigma-rules sigma-convert

Updated
Rust

👁 sigma2stix

muchdogesec / sigma2stix

ARCHIVED**: This repository is no longer actively maintained. All Sigma rules are now managed and available in SIEM Rules

stix2 sigma-rules

Updated
Python

RussianPanda95 / Sigma-Rules

Repository of Sigma Rules

malware-research malware-detection sigma-rules technique-detection

Updated

Improve this page

Add a description, image, and links to the sigma-rules topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the sigma-rules topic, visit your repo's landing page and select "manage topics."

You can’t perform that action at this time.