building-detection-rules-with-sigma
Community
Create portable Sigma detection rules for SIEMs.
Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
SOC teams frequently need portable detection rules that work across multiple SIEM platforms without vendor lock-in, enabling consistent threat coverage and shared workflows.
Core Features & Use Cases
- Portable Sigma rules that can be converted to Splunk SPL, Elastic Lucene, and Microsoft Sentinel KQL.
- MITRE ATT&CK mapping integration and CI/CD-ready rule validation and deployment workflows.
- Use cases include standardizing detections from threat intel, migrating rules across platforms, and promoting hunting queries across systems.
Quick Start
Run the agent against your Sigma rules directory to generate Splunk-ready queries.
Dependency Matrix
Required Modules: sigma
Components: scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: building-detection-rules-with-sigma Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#building-detection-rules-with-sigma Please download this .zip file, extract it, and install it in the .claude/skills/ directory.