Enterprise DNA
M MCP Servers Developer low

WRG-11/wrg-sigma-rules

by Various

Sigma detection rule writing, validation, and conversion for Claude Code -- LLM-assisted + pySigma + multi-backend (Splunk, Elastic, Kibana, Wazuh). 61 production rules + 3 MCP too

W

MCP

WRG-11/wrg-sigma-rules

Added 1 June 2026

#claude-code #claude-code-plugin #detection-as-code #detection-engineering #elasticsearch #kibana #mcp-server #mitre-attack

Overview

A developer tool that uses LLM assistance and pySigma to write, validate, and convert Sigma detection rules for multiple backends including Splunk, Elastic, Kibana, and Wazuh. It provides 61 production rules, 3 MCP tools, and 3 skills for integration with Claude Code.

Best for

Best for
Security engineers and detection engineers who want to accelerate Sigma rule creation and conversion using LLM assistance.

Use cases

  • Generate Sigma detection rules from natural language prompts via Claude Code
  • Validate and convert existing Sigma rules to different SIEM backends
  • Automate rule creation and testing in security operations workflows

Notes

A developer tool that uses LLM assistance and pySigma to write, validate, and convert Sigma detection rules for multiple backends including Splunk, Elastic, Kibana, and Wazuh. It provides 61 production rules, 3 MCP tools, and 3 skills for integration with Claude Code.

0 stars on GitHub. Last updated 2026-06-01. Licensed MIT.

Use cases

  • Generate Sigma detection rules from natural language prompts via Claude Code
  • Validate and convert existing Sigma rules to different SIEM backends
  • Automate rule creation and testing in security operations workflows

Pros

  • Supports multiple SIEM backends out of the box
  • Includes a library of production-ready rules to start from
  • Integrates directly with Claude Code for LLM-assisted rule writing

Cons

  • Requires familiarity with Sigma rule syntax and pySigma
  • Dependent on Claude Code for LLM features, limiting portability
  • Small community and zero stars indicate limited adoption or testing

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Supports multiple SIEM backends out of the box
  • Includes a library of production-ready rules to start from
  • Integrates directly with Claude Code for LLM-assisted rule writing

Cons

  • Requires familiarity with Sigma rule syntax and pySigma
  • Dependent on Claude Code for LLM features, limiting portability
  • Small community and zero stars indicate limited adoption or testing

Pairs with

Other entries in the index that connect to this one. Click through to see the chain.

Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks