Turn plain-English behaviors or small log samples into production-ready detection packs — Sigma, KQL (Sentinel), and SPL (Splunk) — with tests and a short response playbook, all mapped to MITRE ATT&CK.
DetectPack Forge
Turn your words into a rule maker.
Andrew Kola left a comment
DetectPack Forge is a helper for people learning or working with SIEMs. You describe a behavior (e.g., “many failed logons then a success”) or paste a few log lines, and the app generates:

- Sigma (vendor-neutral rule YAML)
- KQL (Microsoft Sentinel)
- SPL (Splunk)
- Tests (positive/negative examples)
- Playbook (concise incident-response checklist)
- MITRE ATT&CK technique tags

What's different about this...
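To make concrete what a "detection pack" for the comment's own example behavior ("many failed logons then a success") contains, here is one written by hand as an added example; it is not output from DetectPack Forge and not the project's code. It carries the pieces the comment lists: rule metadata in Sigma's vocabulary, a Sentinel (KQL) and a Splunk (SPL) query, a reference detection function with positive and negative tests, a short playbook, and the ATT&CK tag. Event IDs 4625 and 4624 are the real Windows Security logon-failure and logon-success events; the log lines, the threshold of 5 failures in 5 minutes, and the query field names (`Account`, `IpAddress`, `user`, `src_ip`) are constructed or assumed for this example.

```python
# Added example, not DetectPack Forge's own output: a hand-written detection
# pack for "many failed logons then a success". Event IDs 4625/4624 are the
# real Windows Security logon failure/success events; log lines, thresholds
# and query field names are constructed or assumed for this example.
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5               # failures before a success is suspicious (assumed)
WINDOW = timedelta(minutes=5)    # sliding window for counting failures (assumed)

# Rule metadata in Sigma's vocabulary. The sequence logic lives in detect()
# below: a plain Sigma rule matches single events and cannot by itself say
# "N failures and then a success".
RULE = {
    "title": "Many Failed Logons Followed by Success",
    "logsource": {"product": "windows", "service": "security"},
    "tags": ["attack.credential_access", "attack.t1110"],  # ATT&CK T1110 Brute Force
    "level": "high",
}

# Window-bucketed approximations for Sentinel and Splunk: both count per
# 5-minute bin rather than enforcing strict ordering. Field names are assumed.
KQL = """
SecurityEvent
| where EventID in (4624, 4625)
| summarize Failures = countif(EventID == 4625), Successes = countif(EventID == 4624)
    by Account, IpAddress, bin(TimeGenerated, 5m)
| where Failures >= 5 and Successes >= 1
"""
SPL = """
index=wineventlog EventCode IN (4624, 4625)
| bin _time span=5m
| stats count(eval(EventCode=4625)) AS failures, count(eval(EventCode=4624)) AS successes
    BY user, src_ip, _time
| where failures >= 5 AND successes >= 1
"""

PLAYBOOK = [
    "Confirm the successful logon is not a known service or scanner account.",
    "Check the source IP against VPN/jump-host allow-lists and recent tickets.",
    "Review the session after the success: new processes, lateral logons, privilege use.",
    "If unexplained, disable the account, reset the credential, and block the source.",
]

def parse(line):
    """Parse a constructed line: '<ISO time> <EventID> <user> <source IP>'."""
    ts, event_id, user, src_ip = line.split()
    return datetime.fromisoformat(ts), int(event_id), user, src_ip

def detect(lines):
    """Reference implementation with strict ordering.

    Keeps 4625 timestamps per (user, source IP) inside a sliding WINDOW and
    alerts when a 4624 arrives while at least FAIL_THRESHOLD failures are
    still in the window. Returns one alert dict per qualifying burst.
    """
    failures = defaultdict(deque)
    alerts = []
    for line in lines:
        ts, event_id, user, src_ip = parse(line)
        recent = failures[(user, src_ip)]
        while recent and ts - recent[0] > WINDOW:  # drop failures outside the window
            recent.popleft()
        if event_id == 4625:
            recent.append(ts)
        elif event_id == 4624:
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append({"user": user, "src_ip": src_ip, "at": ts.isoformat(),
                               "failures": len(recent), "technique": "T1110"})
            recent.clear()  # a success ends the burst either way
    return alerts

def sample(user, src_ip, start, fails, gap, success_after, success_ip=None):
    """Build constructed lines: `fails` 4625s spaced `gap` apart, then one 4624."""
    t0 = datetime.fromisoformat(start)
    lines = [f"{(t0 + gap * i).isoformat()} 4625 {user} {src_ip}" for i in range(fails)]
    t_ok = t0 + gap * fails + success_after
    lines.append(f"{t_ok.isoformat()} 4624 {user} {success_ip or src_ip}")
    return lines

def case(fails, gap, success_ip=None):
    return sample("alice", "10.0.0.5", "2024-05-01T10:00:00", fails, gap,
                  timedelta(seconds=5), success_ip)

# The "tests" half of the pack: (log lines, expected number of alerts).
TESTS = {
    "burst_then_success": (case(6, timedelta(seconds=10)), 1),
    "too_few_failures": (case(3, timedelta(seconds=10)), 0),
    "failures_too_slow": (case(6, timedelta(minutes=4)), 0),
    "success_from_elsewhere": (case(6, timedelta(seconds=10), success_ip="10.0.0.9"), 0),
}

def run_tests():
    """Return {case name: passed} for every case in TESTS."""
    return {name: len(detect(lines)) == expected for name, (lines, expected) in TESTS.items()}

if __name__ == "__main__":
    for name, ok in run_tests().items():
        print(f"{'PASS' if ok else 'FAIL'} {name}")
```

The negative cases are the useful part of the pack: the same six failures spread over twenty minutes, or a success arriving from a different source address, must not fire, and the two SIEM queries above would need a correlation or transaction construct to enforce that ordering as strictly as `detect()` does.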
