detection.studio
Convert Sigma rules to SIEM queries, directly in your browser.
You can access the tool at:
detection.studio
About
detection.studio is a privacy-focused tool for security professionals to convert Sigma detection rules to SIEM-specific query languages (such as Splunk SPL, Elasticsearch ES|QL and Grafana Loki) entirely in the browser. Because there is no server-side processing, your sensitive detection rules never leave your device.
If you're unfamiliar with the Sigma detection format, or how it can benefit your SIEM detection strategy, visit the documentation to get yourself familiarized.
Features
- In-Browser Conversion: All conversions happen locally in your browser
- Pipeline & Filter Templates: Apply processing pipelines and filters from ready-made templates through the UI
- Persistent Workspaces: Automatic saving to local storage
- Share & Export: Easily share your work or export to ZIP
- Familiar Interface: File-manager style UI for managing detection rules
Build & Deploy Locally
If you want to run detection.studio locally, you can follow these steps:
Installation
After installing bun from https://bun.sh/, run the following commands:

```sh
# Install dependencies (bun preferred)
bun install
# Start dev server
bun run dev
# Build for production
bun run build
```
SIEM Support
detection.studio currently supports conversion to:
- Splunk SPL
- Elasticsearch ES|QL
- Grafana Loki
- And more via the pySigma ecosystem
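To make concrete what a Sigma-to-SIEM conversion involves, here is a small pure-Python converter for a subset of Sigma (equality, value lists, and the `contains`/`startswith`/`endswith` modifiers) targeting Splunk SPL. It is an added example written for this page, not detection.studio's or pySigma's own code; the sample rule, the hypothetical Splunk field names in `FIELD_MAP` and the omission of any `index=`/`sourcetype=` prefix are all assumptions. The field-map dict stands in for the field-renaming step that a pySigma processing pipeline performs; everything beyond this subset (aggregations, `1 of selection*`, regex modifiers) is what the real pySigma backends add.

```python
"""Toy Sigma -> Splunk SPL converter (added example; not detection.studio or pySigma code)."""
import re

# Constructed sample rule as a dict instead of YAML, so it runs without a YAML library.
SAMPLE_RULE = {
    "title": "Suspicious PowerShell Download Cradle",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["DownloadString", "Net.WebClient"],
        },
        "filter": {"ParentImage": "C:\\Windows\\System32\\svchost.exe"},
        "condition": "selection and not filter",
    },
}

# Stand-in for a pySigma processing pipeline: rename Sigma fields to the
# SIEM's own field names (hypothetical Splunk-side names, an assumption here).
FIELD_MAP = {"Image": "process_path", "CommandLine": "process", "ParentImage": "parent_process_path"}


def spl_escape(value) -> str:
    """Escape backslashes and quotes so the value is safe inside SPL double quotes."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"')


def field_to_spl(name: str, value, field_map: dict) -> str:
    """Translate one `field|modifier: value(s)` entry into an SPL clause."""
    field, _, modifier = name.partition("|")
    field = field_map.get(field, field)
    clauses = []
    for v in value if isinstance(value, list) else [value]:
        v = spl_escape(v)
        if modifier == "contains":
            v = f"*{v}*"
        elif modifier == "startswith":
            v = f"{v}*"
        elif modifier == "endswith":
            v = f"*{v}"
        elif modifier:
            raise ValueError(f"unsupported modifier: {modifier}")
        clauses.append(f'{field}="{v}"')
    # Several values for one field are OR-ed, as the Sigma spec requires.
    return clauses[0] if len(clauses) == 1 else "(" + " OR ".join(clauses) + ")"


def selection_to_spl(selection: dict, field_map: dict) -> str:
    """Every field in a selection map must match, so the clauses are AND-ed."""
    return "(" + " AND ".join(field_to_spl(k, v, field_map) for k, v in selection.items()) + ")"


def condition_to_spl(condition: str, selections: dict) -> str:
    """Recursive-descent parse of `a and not b` / `(a or b) and c` style conditions."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def parse_or():
        left = parse_and()
        while peek() == "or":
            take()
            left = f"({left} OR {parse_and()})"
        return left

    def parse_and():
        left = parse_not()
        while peek() == "and":
            take()
            left = f"({left} AND {parse_not()})"
        return left

    def parse_not():
        if peek() == "not":
            take()
            return f"NOT {parse_not()}"
        return parse_atom()

    def parse_atom():
        tok = take()
        if tok == "(":
            inner = parse_or()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return inner
        if tok not in selections:
            raise ValueError(f"unknown selection in condition: {tok}")
        return selections[tok]

    result = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def sigma_to_spl(rule: dict, field_map: dict = None) -> str:
    """Convert a subset-of-Sigma rule dict into a Splunk search expression."""
    detection = rule["detection"]
    selections = {name: selection_to_spl(body, field_map or {})
                  for name, body in detection.items() if name != "condition"}
    return condition_to_spl(detection["condition"], selections)


if __name__ == "__main__":
    print(sigma_to_spl(SAMPLE_RULE, FIELD_MAP))
```

Running it prints the search with the mapped field names; calling `sigma_to_spl(SAMPLE_RULE)` without a field map keeps the Sigma names (`Image`, `CommandLine`), which is exactly the gap a processing pipeline exists to close before a rule is deployed against a real index.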
Roadmap
The roadmap is generally available here on GitHub. The project is open-source and contributions are welcome.
Contributing
Contributions are welcome! For feature requests, bug reports or questions, please open an issue. If you'd like to contribute code, please open a pull request.
bun is the preferred package manager for the project.
License
This project is licensed under the MIT License.
Acknowledgements
- SigConverter.io - Server licensed under Apache 2.0
- SigmaHQ - For the fantastic Sigma project
- Pyodide - For making Python in the browser possible
by north.sh