
WRG-11/wrg-sigma-rules

by Various

Sigma detection rule writing, validation, and conversion for Claude Code -- LLM-assisted + pySigma + multi-backend (Splunk, Elastic, Kibana, Wazuh). 61 production rules + 3 MCP too


Added 1 June 2026

#claude-code #claude-code-plugin #detection-as-code #detection-engineering #elasticsearch #kibana #mcp-server #mitre-attack

Overview

A developer tool that uses LLM assistance and pySigma to write, validate, and convert Sigma detection rules for multiple backends including Splunk, Elastic, Kibana, and Wazuh. It provides 61 production rules, 3 MCP tools, and 3 skills for integration with Claude Code.

Best for

Security engineers and detection engineers who want to accelerate Sigma rule creation and conversion using LLM assistance.

Use cases

  • Generate Sigma detection rules from natural language prompts via Claude Code
  • Validate and convert existing Sigma rules to different SIEM backends
  • Automate rule creation and testing in security operations workflows

Notes

0 stars on GitHub. Last updated 2026-06-01. Licensed MIT.

Pros

  • Supports multiple SIEM backends out of the box
  • Includes a library of production-ready rules to start from
  • Integrates directly with Claude Code for LLM-assisted rule writing

Cons

  • Requires familiarity with Sigma rule syntax and pySigma
  • Dependent on Claude Code for LLM features, limiting portability
  • Small community and zero stars indicate limited adoption or testing

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
