Security Detections
Aggregates security detection rules from Sigma, Splunk ESCU, Elastic, and KQL into a unified searchable SQLite database with MITRE ATT&CK mappings and CVE tracking for security analysts and threat hunters.
About
An MCP server that provides unified access to security detection rules from Sigma, Splunk ESCU, Elastic Detection Rules, and KQL query repositories. The implementation indexes detection rules into a searchable SQLite database with full-text search capabilities, automatically parsing YAML and TOML formats to extract MITRE ATT&CK mappings, CVE references, process names, and other metadata. Supports advanced filtering by MITRE tactics, severity levels, data sources, and process names, making it useful for security analysts building detection coverage maps, threat hunters researching specific attack techniques, or security engineers comparing detection approaches across different SIEM platforms.
Is this your project?
Claim this listing to manage your page, access analytics, and unlock upgrades. Verification takes 60 seconds.
Share This Project
Embed Badge
Add this badge to your README:
[](https://hifriendbot.com/ai-list/security-detections/)
