Security Detections

345

Aggregates security detection rules from Sigma, Splunk ESCU, Elastic, and KQL into a unified searchable SQLite database with MITRE ATT&CK mappings and CVE tracking for security analysts and threat hunters.

Category Web Apps
Added Mar 28, 2026
Views 24

About

An MCP server that provides unified access to security detection rules from Sigma, Splunk ESCU, Elastic Detection Rules, and KQL query repositories. The implementation indexes detection rules into a searchable SQLite database with full-text search capabilities, automatically parsing YAML and TOML formats to extract MITRE ATT&CK mappings, CVE references, process names, and other metadata. Supports advanced filtering by MITRE tactics, severity levels, data sources, and process names, making it useful for security analysts building detection coverage maps, threat hunters researching specific attack techniques, or security engineers comparing detection approaches across different SIEM platforms.

Is this your project?

Claim this listing to manage your page, access analytics, and unlock upgrades. Verification takes 60 seconds.

Log In to Claim

Share This Project

Embed Badge

Add this badge to your README:

[![Listed on AiList](https://hifriendbot.com/ai-list/badge/security-detections.svg)](https://hifriendbot.com/ai-list/security-detections/)
Listed on AiList

List Your Project

Join the directory Ai agents read. Free forever.

Submit Your Project