Alternatives and similar repositories for go-sigma-rule-engine

Users that are interested in go-sigma-rule-engine are comparing it to the libraries listed below

• bradleyjkemp / sigma-go

  View on GitHub
  A Go implementation and parser for Sigma rules.
  ☆95May 15, 2025Updated 8 months ago
• google / gonids

  View on GitHub
  gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that…
  ☆192Jul 18, 2025Updated 6 months ago
• 0xThiebaut / sigmai

  View on GitHub
  Import specific data sources into the Sigma generic and open signature format.
  ☆79May 6, 2022Updated 3 years ago
• opencybersecurityalliance / firepit

  View on GitHub
  Firepit - STIX Columnar Storage
  ☆17Jun 5, 2024Updated last year
• ninoseki / kibune

  View on GitHub
  A Sigma based detection pipeline
  ☆13Dec 15, 2023Updated 2 years ago
• TcM1911 / stix2

  View on GitHub
  A pure Go library for working with Structured Threat Information Expression (STIX™) version 2.x data
  ☆27Apr 27, 2025Updated 9 months ago
• MAECProject / pefile-to-maec

  View on GitHub
  Generate MAEC XML from Ero Carrera's pefile output
  ☆15Mar 6, 2017Updated 8 years ago
• bradleyjkemp / sigma-test

  View on GitHub
  A test case runner for Sigma rules
  ☆14Aug 14, 2024Updated last year
• SigmaHQ / pySigma

  View on GitHub
  Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)
  ☆527Feb 5, 2026Updated last week
• blackstork-io / fabric

  View on GitHub
  An open-source command-line tool for cybersecurity reporting automation and a configuration language for reusable templates. Reporting-as…
  ☆67Jul 6, 2025Updated 7 months ago
• binalyze / tigma

  View on GitHub
  Sigma Engine implementation in TypeScript
  ☆28Mar 5, 2023Updated 2 years ago
• NextronSystems / gimphash

  View on GitHub
  Imphash-like calculation on Golang binaries
  ☆49Jul 2, 2022Updated 3 years ago
• AbGuthrie / goquery

  View on GitHub
  Provide a shell like interface by utilizing osquery's distributed API
  ☆82Jun 24, 2020Updated 5 years ago
• wolfeidau / s3iofs

  View on GitHub
  This package provides an S3 implementation for Go1.16 filesystem interface.
  ☆13Apr 21, 2025Updated 9 months ago
• viktb / asnlookup

  View on GitHub
  CLI and Go package for fast, offline ASN lookups
  ☆20Feb 27, 2025Updated 11 months ago
• joesecurity / sigma-rules

  View on GitHub
  Sigma rules from Joe Security
  ☆230Nov 4, 2024Updated last year
• cugu / kaitaigo

  View on GitHub
  kaitaigo is a compiler and runtime to create Go parsers from Kaitai Struct files
  ☆18Apr 20, 2022Updated 3 years ago
• eclecticiq / stix-icons

  View on GitHub
  stix-icons is a collection of colourful and clean icons for use in software, training and marketing material to visualize cyber threats a…
  ☆37Dec 15, 2022Updated 3 years ago
• invoke-eric / jupyter

  View on GitHub
  Jupyter Notebooks for Cyber Threat Intelligence
  ☆35Sep 14, 2023Updated 2 years ago
• omarghader / pefile-go

  View on GitHub
  Golang port of pefile
  ☆25Jul 17, 2017Updated 8 years ago
• threathunters-io / laurel

  View on GitHub
  Transform Linux Audit logs for SIEM usage
  ☆811Dec 18, 2025Updated last month
• markuskont / pikksilm

  View on GitHub
  Look into EDR events from network
  ☆25Nov 20, 2025Updated 2 months ago
• Velocidex / go-ntfs

  View on GitHub
  An NTFS file parser in Go
  ☆73Mar 22, 2025Updated 10 months ago
• avast / yarang

  View on GitHub
  Alternative YARA scanning engine
  ☆73Aug 23, 2022Updated 3 years ago
• jpalanco / klara-docker-compose

  View on GitHub
  Klara docker compose
  ☆11May 19, 2020Updated 5 years ago
• nytr0gen / go-cidr

  View on GitHub
  CIDR to IP List Tool
  ☆14Mar 12, 2016Updated 9 years ago
• gerwout / pacs

  View on GitHub
  Pritunl Access Control System
  ☆10Feb 16, 2023Updated 2 years ago
• taterhead / PCAP-Index

  View on GitHub
  Set of scripts to index PCAP files and retrieve packets
  ☆14Sep 10, 2015Updated 10 years ago
• tenzir / dockerized-zeek

  View on GitHub
  Dockerized Zeek
  ☆12Mar 9, 2024Updated last year
• muchdogesec / stixify

  View on GitHub
  Extract machine readable cyber threat intelligence from unstructured data (inc. PDFs, Word docs, and HTML pages)
  ☆33Updated this week
• JustinAzoff / can-i-use-afpacket-fanout

  View on GitHub
  Validate if afpacket PACKET_FANOUT_HASH is working properly
  ☆25May 19, 2022Updated 3 years ago
• micrictor / smbfp

  View on GitHub
  Zeek package to generate a SMB client fingerprint
  ☆27May 5, 2020Updated 5 years ago
• cedowens / C2-JARM

  View on GitHub
  A list of JARM hashes for different ssl implementations used by some C2/red team tools.
  ☆145Apr 20, 2023Updated 2 years ago
• SecurityBrewery / catalyst

  View on GitHub
  ⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident…
  ☆510Feb 1, 2026Updated last week
• mauri870 / gcsfs

  View on GitHub
  Golang io/fs implementation for Google Cloud Storage
  ☆12Jan 20, 2024Updated 2 years ago
• muchdogesec / sigma2stix

  View on GitHub
  [ARCHIVED -- USE TXT2DETECTION] A command line tool that converts Sigma Rules into STIX 2.1 Objects.
  ☆12Jan 13, 2025Updated last year
• WesSec / VelociDeploy-o-Matic

  View on GitHub
  Scripts to for ready-to-use Velociraptor instance deployment in Azure
  ☆14Jun 27, 2023Updated 2 years ago
• kaitai-io / ksylint

  View on GitHub
  A linter for ksy files.
  ☆11Aug 15, 2021Updated 4 years ago
• hashlookup / a-ray-grass

  View on GitHub
  a-ray-grass is a yara module that provides support for DCSO-format bloom filters in yara. In the context of hashlookup, it allows quickly…
  ☆14Aug 19, 2022Updated 3 years ago