Convert Sigma rules to SIEM queries, directly in your browser.
You can access the tool at: detection.studio
detection.studio is a privacy-focused tool for security professionals that converts Sigma detection rules to SIEM-specific query languages (Splunk SPL, Elasticsearch ES|QL, Grafana Loki and others) entirely in the browser. Because no server processes the rules, your sensitive detection content never leaves your device.
If you are unfamiliar with the Sigma detection format, or with how it can benefit your SIEM detection strategy, see the Sigma documentation to familiarize yourself with it first.
- In-Browser Conversion: All conversions happen locally in your browser
- Pipeline & Filter Templates: apply processing pipelines and filters to a conversion through an intuitive UI
- Persistent Workspaces: Automatic saving to local storage
- Share & Export: Easily share your work or export to ZIP
- Familiar Interface: File-manager style UI for managing detection rules
If you want to run detection.studio locally, install bun from https://bun.sh/ and run the following commands:

```bash
# Install dependencies (bun preferred)
bun install
# Start dev server
bun run dev
# Build for production
bun run build
```
detection.studio currently supports conversion to:
- Splunk SPL
- Elasticsearch ES|QL
- Grafana Loki
- And more via the pySigma ecosystem
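To make concrete what a Sigma-to-SIEM conversion actually does, here is a small added example (not detection.studio's code, and not pySigma; the real tool runs pySigma backends in the browser via Pyodide). It parses the detection block of a constructed Sigma rule into an expression tree and renders that one tree as both Splunk SPL and Elasticsearch ES|QL. It covers the common subset only: map selections (keys ANDed), lists of values (ORed), the contains/startswith/endswith modifiers, and and/or/not/parentheses conditions. The rule is inlined as the dict yaml.safe_load() would produce so it runs without PyYAML, and the `FROM logs-*` index pattern in the ES|QL output is an assumption; a real processing pipeline derives the index from the logsource.

```python
"""Illustrative Sigma -> SPL / ES|QL converter (added example; not detection.studio's code)."""
from __future__ import annotations

import re
from typing import Any

# Constructed sample rule: the dict yaml.safe_load() would return for the YAML
# file, inlined so the example runs without PyYAML.
SAMPLE_RULE: dict[str, Any] = {
    "title": "PowerShell download cradle (constructed example)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "Invoke-WebRequest"],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}

# Tree nodes: ("match", field, modifier, value) | ("and"|"or", [nodes]) | ("not", node)

def _join(kind: str, nodes: list) -> tuple:
    """Build an and/or node, flattening children of the same kind."""
    flat: list = []
    for n in nodes:
        flat.extend(n[1] if n[0] == kind else [n])
    return flat[0] if len(flat) == 1 else (kind, flat)

def _selection_to_node(sel: Any) -> tuple:
    if isinstance(sel, dict):  # map: every key must match
        nodes = []
        for key, value in sel.items():
            field, _, mod = key.partition("|")
            if mod not in ("", "contains", "startswith", "endswith"):
                raise ValueError(f"unsupported modifier: {mod}")
            values = value if isinstance(value, list) else [value]
            nodes.append(_join("or", [("match", field, mod, v) for v in values]))
        return _join("and", nodes)
    if isinstance(sel, list) and all(isinstance(m, dict) for m in sel):  # list of maps: any may match
        return _join("or", [_selection_to_node(m) for m in sel])
    raise ValueError("only map and list-of-map selections are handled here")

def _parse_condition(cond: str, sels: dict[str, tuple]) -> tuple:
    """Recursive descent over e.g. 'a and (b or not c)'; precedence not > and > or, as in Sigma."""
    toks = re.findall(r"\(|\)|\w+", cond)
    pos = 0

    def take() -> str | None:
        nonlocal pos
        pos += 1
        return toks[pos - 1] if pos <= len(toks) else None

    def atom() -> tuple:
        t = take()
        if t == "(":
            node = or_()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return node
        if t == "not":
            return ("not", atom())
        if t in sels:
            return sels[t]
        raise ValueError(f"unsupported token in condition: {t!r}")  # e.g. '1 of them'

    def and_() -> tuple:
        nodes = [atom()]
        while pos < len(toks) and toks[pos] == "and":
            take()
            nodes.append(atom())
        return _join("and", nodes)

    def or_() -> tuple:
        nodes = [and_()]
        while pos < len(toks) and toks[pos] == "or":
            take()
            nodes.append(and_())
        return _join("or", nodes)

    node = or_()
    if pos != len(toks):
        raise ValueError(f"unexpected trailing token: {toks[pos]!r}")
    return node

def _literal(mod: str, value: Any) -> str:
    if not mod and isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)  # plain numbers stay unquoted
    pattern = {"contains": f"*{value}*", "startswith": f"{value}*", "endswith": f"*{value}"}.get(mod, str(value))
    # Backslash and double quote are escaped with a backslash in SPL and ES|QL string literals
    return '"' + pattern.replace("\\", "\\\\").replace('"', '\\"') + '"'

def _render(node: tuple, backend: str) -> str:
    kind = node[0]
    if kind == "match":
        _, field, mod, value = node
        lit = _literal(mod, value)
        if backend == "splunk":
            return f"{field}={lit}"  # SPL treats * inside a quoted value as a wildcard
        return f"{field} {'LIKE' if mod else '=='} {lit}"  # ES|QL: LIKE for wildcard patterns
    if kind == "not":
        return f"NOT ({_render(node[1], backend)})"
    op = " AND " if kind == "and" else " OR "
    return op.join(f"({_render(c, backend)})" if c[0] in ("and", "or") else _render(c, backend) for c in node[1])

def convert(rule: dict[str, Any], backend: str) -> str:
    """Return a query for backend 'splunk' (SPL) or 'esql' (Elasticsearch ES|QL)."""
    if backend not in ("splunk", "esql"):
        raise ValueError(f"unknown backend: {backend}")
    det = rule["detection"]
    sels = {name: _selection_to_node(body) for name, body in det.items() if name != "condition"}
    body = _render(_parse_condition(det["condition"], sels), backend)
    if backend == "esql":
        # ASSUMPTION: fixed index pattern; a real pipeline derives it from the rule's logsource
        return f"FROM logs-* | WHERE {body}"
    return body

if __name__ == "__main__":
    for backend in ("splunk", "esql"):
        print(f"{backend}: {convert(SAMPLE_RULE, backend)}")
```

The point to take from it is that the two queries come from the same tree: parsing the rule's detection logic is backend-independent, and only the final rendering (wildcard syntax, quoting, `=` versus `LIKE`/`==`) differs per target. That separation is what lets a pySigma backend, plus a processing pipeline that maps field names and log sources, target a new SIEM without re-implementing Sigma itself.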
The roadmap is available on GitHub. The project is open source and contributions are welcome: for feature requests, bug reports or questions, please open an issue; if you'd like to contribute code, please open a pull request.
bun is the preferred package manager for the project.
This project is licensed under the MIT License.
- SigConverter.io - Server licensed under Apache 2.0
- SigmaHQ - For the fantastic Sigma project
- Pyodide - For making Python in the browser possible
by north.sh