Detection Rules

A free, growing library of Sigma detection rules. Every rule is grounded in a real attack LogTriage detects, mapped to its log format and MITRE ATT&CK technique, and validated against real sample logs — it has to fire on the malicious sample and stay quiet on the benign one before it ships.

New rules are added regularly. Copy any rule into your SIEM, or upload your logs to LogTriage and let it detect these automatically.