Sigma Rule Converter
Sigma ecosystem
- SigmaHQ/sigma — Main rule repository (3000+ rules), sigmahq.io. Convert with Sigma CLI (pySigma) or sigconverter.io.
- marirs/sigma-convert — Rust-based converter; CLI: sigmac --dest-type <target> --file-source rule.yml. Live converter & API: sigmac.to / API docs. Backends: ElastAlert, Splunk, Kibana, QRadar, ArcSight, Chronicle, Sentinel, Sumo Logic, GrayLog, SQL, and more.
Paste a single Sigma rule in YAML format. Include title, logsource, detection, etc.
title: Suspicious SYSTEM User Process Creation
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        IntegrityLevel: System
        User|contains: ['AUTHORI', 'AUTORI']
    condition: selection