SIGMA Rule Generator
Describe an attack. Get a detection rule.
Describe an attack in plain English, paste a log line, drop a raw alert, or enter an IOC — and get a valid SIGMA detection rule with Splunk SPL, Microsoft KQL, Elastic DSL, QRadar AQL, Trend Vision One XDR, and Microsoft Defender XDR conversions. 100% client-side. No data sent anywhere except OpenAI.
Have a raw alert that triggered this detection? Analyze it in Alert Explainer.
Is the rule in production? Build the IR playbook for when it fires.