Sigma Rule Builder

Build Sigma detection rules visually with live YAML preview and export to Splunk SPL, QRadar AQL, and Sentinel KQL.

[Lab Tool] [SOC & Threat Intelligence]

All processing happens locally in your browser. No data is sent to any server.

Metadata

Title *

ID

Status

Level

Description

Author

Date

References (one per line)

Tags (comma-separated)

Logsource

Category *

Product

Service

Detection

Condition *

Examples: selection | selection and not filter | selection1 or selection2

False Positives

YAML Preview

SIEM Conversion (Basic)

Library