WRG-11/wrg-sigma-rules
by Various
Sigma detection rule writing, validation, and conversion for Claude Code -- LLM-assisted + pySigma + multi-backend (Splunk, Elastic, Kibana, Wazuh). 61 production rules + 3 MCP too
MCP
WRG-11/wrg-sigma-rules
Added 1 June 2026
Overview
A developer tool that uses LLM assistance and pySigma to write, validate, and convert Sigma detection rules for multiple backends including Splunk, Elastic, Kibana, and Wazuh. It provides 61 production rules, 3 MCP tools, and 3 skills for integration with Claude Code.
Best for
Security engineers and detection engineers who want to accelerate Sigma rule creation and conversion using LLM assistance.
Use cases
- Generate Sigma detection rules from natural language prompts via Claude Code
- Validate and convert existing Sigma rules to different SIEM backends
- Automate rule creation and testing in security operations workflows
Notes
0 stars on GitHub. Last updated 2026-06-01. Licensed MIT.
Pros
- Supports multiple SIEM backends out of the box
- Includes a library of production-ready rules to start from
- Integrates directly with Claude Code for LLM-assisted rule writing
Cons
- Requires familiarity with Sigma rule syntax and pySigma
- Dependent on Claude Code for LLM features, limiting portability
- Small community and zero stars indicate limited adoption or testing
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.