Automatically converts Sigma detection rules to Kusto Query Language (KQL) for Microsoft Defender and Sentinel.
Sigma Queries turned into KQL for Defender using pysigma - Automated
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
Main Sigma Rule Repository
Detection Rules is the official repository for the rules used by Elastic Security's Detection Engine. It provides a comprehensive toolkit for security teams to develop, validate, test, and release detection logic in a structured, code-driven manner. This approach enables version control, automated testing, and streamlined integration with the Elastic SIEM. ## Key Features - **Rule Development & Management** — Python module for parsing, validating, and packaging detection rules from TOML files. - **Detections as Code (DaC)** — Full pipeline and CLI tools to manage rules with version control and automated workflows. - **Unit Testing Framework** — Integrated Python testing suite to validate rule logic and ensure reliability. - **Kibana Integration** — Library for API calls to Kibana and the Detection Engine for seamless rule deployment. - **KQL Validation** — Library for parsing and validating Kibana Query Language used in rule conditions. - **Threat Hunting Packages** — Dedicated directory for storing and managing threat hunting queries and packages. ## Philosophy The project embraces a Detections-as-Code philosophy, treating security rules as software artifacts to improve maintainability, collaboration, and automation in threat detection.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.