A collection of Sigma detection rules for threat detection and response, organized by operating system and attack technique.
Detection Lab provides production-ready Sigma rules covering:
- macOS persistence and privilege escalation
- Windows credential access and lateral movement
- Linux security monitoring
- Cloud infrastructure protection
- Network traffic analysis
Each detection is mapped to MITRE ATT&CK techniques and tested in live environments.
Browse detections, read the testing methodology, and download Sigma rules.
Technical writeups on detection engineering, testing approaches, and security research.
Built with:
- Astro - Static site generation
- Tailwind CSS - Styling
- Sigma - Detection rule format
- Cloudflare Pages - Hosting & CDN
License: MIT