Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Elemental - An ATT&CK Threat Library

Mapping of open-source detection rules and atomic tests.

IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics

Resources To Learn And Understand SIGMA Rules

BlackBerry Threat Research & Intelligence

A pySigma wrapper and langchain toolkit for automatic rule creation/translation

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

Autonomous security agent for Linux and macOS. 40 eBPF hooks. 48 detectors. 20 response playbooks. 30 correlation rules. 98% MITRE ATT&CK coverage (41/42). Kill chain tracking. AI agent protection. Mesh defense. Pure Rust.

Sigma detection rules for hunting with the threathunting-keywords project

Open detection standard for AI agent threats. Like Sigma, but for prompt injection, tool poisoning, and MCP attacks. Community-driven -- contributions welcome.

Open source HIDS tailored for Microsoft Windows and Active Directory

Framework definitions that allow to build a custom SIEM.

Complete Claude skills toolkit for professional malware analysis. 5 specialized skills covering triage, dynamic analysis, detection engineering, and reporting. Works with REMnux/FlareVM offline environments.

SysFlow edge processing pipeline

Convert Sigma Rules to different formats

⚠️ ARCHIVED**: This repository is no longer actively maintained. All Sigma rules are now managed and available in SIEM Rules

Repository of Sigma Rules

Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence across all users. | AI Agent 開源安全平台 -- 安裝前審計 skill、24/7 即時監控、社群共享威脅情報。