Alternatives and similar repositories for sigma-rust

Users that are interested in sigma-rust are comparing it to the libraries listed below

• u-siem / u-siem-core
  Framework definitions that allow to build a custom SIEM.
  ☆27Updated 8 months ago
• cudeso / misp-scraper
  A web scraper to create MISP events and reports
  ☆15Updated last month
• theflakes / fmd
  Windows file metadata / forensic tool.
  ☆18Updated 8 months ago
• avast / yarang
  Alternative YARA scanning engine
  ☆70Updated 2 years ago
• AttackIQ / SigmAIQ
  A pySigma wrapper and langchain toolkit for automatic rule creation/translation
  ☆81Updated 2 weeks ago
• SigmaHQ / sigma-rules-validator
  Validates Sigma rules using the JSON schema
  ☆16Updated last year
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆78Updated 3 weeks ago
• openrelik / openrelik-server
  The core backend server handling API requests and task management
  ☆39Updated last week
• humpalum / vscode-sigma
  ☆16Updated 2 months ago
• WithSecureLabs / tau-engine
  A document tagging library
  ☆30Updated 2 months ago
• opencybersecurityalliance / oca-iob
  Augmentation to Machine Readable CTI
  ☆31Updated last month
• theAtropos4n6 / Partition-4DiagnosticParser
  Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.
  ☆19Updated last year
• MISP / SkillAegis
  SkillAegis is a platform to design, run, and monitor exercise scenarios, enhancing skills in applications like MISP and training users in…
  ☆29Updated last month
• strozfriedberg / notatin
  A Windows registry file parser written in Rust
  ☆38Updated last year
• Yamato-Security / hayabusa-sample-evtx
  Sample evtx files to use for testing hayabusa detection rules
  ☆57Updated 7 months ago
• MISP / misp-guard
  misp-guard is a mitmproxy addon that inspects and blocks outgoing events to external MISP instances via sync mechanisms (pull/push) based…
  ☆14Updated 3 months ago
• forensicmatt / libtsk-rs
  Wrapper for TSK (Sleuth Kit) Bindings
  ☆12Updated 2 years ago
• runreveal / sigmalite
  ☆45Updated 2 months ago
• bradleyjkemp / sigma-test
  A test case runner for Sigma rules
  ☆13Updated 9 months ago
• mnrkbys / fjta
  FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates…
  ☆64Updated 2 months ago
• invoke-eric / jupyter
  Jupyter Notebooks for Cyber Threat Intelligence
  ☆35Updated last year
• northsh / detection.studio
  Convert Sigma rules to SIEM queries, directly in your browser.
  ☆81Updated this week
• nasbench / Eventlog_Compendium
  The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
  ☆44Updated last month
• Velocidex / evtx-data
  Publicly shareable windows event log message data
  ☆27Updated 5 years ago
• aaronkaplan / stochasticCTIExtractor
  Interface LLMs from within MISP to extract TTPs and threat intel from CTI reports
  ☆17Updated last year
• mgreen27 / mcp-velociraptor
  VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.
  ☆28Updated last week
• puffyCid / artemis
  A cross platform forensic parser written in Rust!
  ☆83Updated this week
• certeu / droid
  A pySigma wrapper to manage detection rules.
  ☆39Updated last week
• marirs / sigma-convert
  Convert Sigma Rules to different formats
  ☆11Updated 9 months ago
• center-for-threat-informed-defense / summiting-the-pyramid
  Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…
  ☆41Updated 3 weeks ago