CyberNetSec.io STIX bundles embed Sigma detection rules as STIX Indicator objects whose pattern_type is sigma, with the rule YAML carried in the indicator's pattern. Traditional indicators (whose pattern is a STIX pattern) also carry a Sigma rule in the custom x_netsecio_sigma_rule property; the x_ prefix is the STIX 2.1 convention for custom properties. Click any article's View Sigma Rules button to inspect, convert, and export the embedded rules to your SIEM or EDR platform.
Select a target platform — Splunk, Microsoft Sentinel KQL, Elastic, Cortex XDR, QRadar, and more — and export ready-to-use queries. All conversion is client-side with no data leaving your browser.
Sigma rules are generated for Critical, High, and Medium severity articles published from 1 April 2026 onwards.
Browse all Sigma rules in a bundle. See severity, status, log source category, MITRE tags, and the full raw YAML — all in one view.
Convert rules to Splunk SPL, Microsoft Sentinel KQL, Elastic EQL or Lucene, Cortex XDR XQL, QRadar AQL, Defender (MDE) KQL, CrowdStrike, Chronicle YARA-L, OpenSearch Lucene and SentinelOne Deep Visibility today, with Graylog, LogScale, Sumo Logic, Securonix and more coming soon (the platform grid below lists the current status of each target). All conversion runs client-side.
Download the full set as a single YAML file in which each rule is its own document separated by the standard "---" marker, or export individual rules. Drop straight into your SIEM pipeline.
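As an added example (not the site's own exporter or viewer code), the following Python script does the same extraction offline: it walks a STIX 2.1 bundle, collects Sigma rules from both locations described above (Indicator objects with pattern_type sigma, and the custom x_netsecio_sigma_rule property on traditional indicators), reads the fields the viewer lists (title, status, level, log source category, MITRE ATT&CK tags), and writes all rules out as one "---"-delimited YAML file. The bundle, both rules, every ID, hash and tag are constructed for this example and come from no real article; the field scan is a deliberately small line-based reader of top-level keys rather than a full YAML parser.

```python
"""Extract embedded Sigma rules from a STIX 2.1 bundle and export them as one
---‑delimited YAML stream. Example code; not CyberNetSec.io's implementation."""
import json
import re
import sys

# Constructed sample rules in Sigma's YAML layout (titles, IDs, values and
# ATT&CK tags are made up for this example).
SIGMA_RULE_A = r"""
title: Example - PowerShell Spawned From A Temp Directory
id: 0d3f0e0a-1111-4c2b-9b9a-000000000001
status: experimental
level: high
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        Image|endswith: '\powershell.exe'
        ParentImage|contains: '\Temp\'
    condition: selection
tags:
    - attack.execution
    - attack.t1059.001
""".lstrip()

SIGMA_RULE_B = r"""
title: Example - Outbound Connection To Uncommon Port
id: 0d3f0e0a-2222-4c2b-9b9a-000000000002
status: test
level: medium
logsource:
    category: network_connection
detection:
    selection:
        Initiated: 'true'
        DestinationPort: 4444
    condition: selection
tags:
    - attack.command_and_control
    - attack.t1571
""".lstrip()

# Constructed bundle in the shape the page describes: one Indicator whose
# pattern_type is sigma and whose pattern is the rule itself, one traditional
# STIX-pattern Indicator carrying a rule in x_netsecio_sigma_rule, and one
# non-indicator object that must be skipped. IDs and the hash are fake, and
# the objects are trimmed to the properties this script reads.
BUNDLE = {
    "type": "bundle",
    "id": "bundle--5b1d2c9e-0000-4000-8000-000000000000",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--5b1d2c9e-0000-4000-8000-000000000001",
         "pattern_type": "sigma", "pattern": SIGMA_RULE_A,
         "valid_from": "2026-04-02T09:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--5b1d2c9e-0000-4000-8000-000000000002",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']",
         "valid_from": "2026-04-02T09:00:00Z",
         "x_netsecio_sigma_rule": SIGMA_RULE_B},
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--5b1d2c9e-0000-4000-8000-000000000003",
         "name": "Example RAT", "is_family": True},
    ],
}

TOP_KEY = re.compile(r"^(\w+):\s*(.*)$")


def extract_sigma_rules(bundle: dict) -> list[tuple[str, str]]:
    """Return (indicator id, rule YAML) for every Sigma rule in the bundle,
    taken from either of the two locations the page describes."""
    found = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        if obj.get("pattern_type") == "sigma" and obj.get("pattern"):
            found.append((obj["id"], obj["pattern"]))
        elif obj.get("x_netsecio_sigma_rule"):
            found.append((obj["id"], obj["x_netsecio_sigma_rule"]))
    return found


def summarise(rule_yaml: str) -> dict:
    """Read title, status, level, logsource category and attack.* tags by
    scanning top-level keys and the lines nested under them. This is a small
    reader for these scalar fields, not a general YAML parser."""
    info = {"title": None, "status": None, "level": None, "category": None, "tags": []}
    section = None
    for line in rule_yaml.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # a top-level key
            m = TOP_KEY.match(line)
            if m is None:
                continue
            section = m.group(1)
            if section in ("title", "status", "level") and m.group(2):
                info[section] = m.group(2).strip().strip("'\"")
            continue
        item = line.strip()                       # nested under `section`
        if section == "logsource" and item.startswith("category:"):
            info["category"] = item.split(":", 1)[1].strip()
        elif section == "tags" and item.startswith("- attack."):
            info["tags"].append(item[2:].strip())
    return info


def to_yaml_stream(rules: list[tuple[str, str]]) -> str:
    """Join rules into one multi-document YAML stream; every rule becomes a
    document opened by the --- marker, the layout of a single-file export."""
    return "".join("---\n" + rule.rstrip("\n") + "\n" for _, rule in rules)


def main() -> None:
    # Pass a bundle JSON path to process a real file; otherwise use the sample.
    bundle = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else BUNDLE
    rules = extract_sigma_rules(bundle)
    for ind_id, rule in rules:
        s = summarise(rule)
        print(f"{ind_id}: [{s['level']}/{s['status']}] {s['category']} - {s['title']} {s['tags']}")
    with open("sigma_rules.yml", "w", encoding="utf-8") as fh:
        fh.write(to_yaml_stream(rules))


if __name__ == "__main__":
    main()
```

The elif in extract_sigma_rules is deliberate: an indicator that both uses pattern_type sigma and carries x_netsecio_sigma_rule is counted once, so the export never contains the same rule twice. For anything beyond these top-level fields (the detection block, flow-style tag lists, quoted keys) load the rule with a real YAML library instead of extending the line scanner.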

Sample bundle
CPUID Supply Chain Attack Distributes STX RAT Malware
11 live · 12 coming soon
Live now (platform · query language):
Splunk · SPL
Sentinel · KQL
Elastic · EQL
Cortex XDR · XQL
QRadar · AQL
Defender (MDE) · KQL
CrowdStrike · SPL
Chronicle · YARA-L
OpenSearch · Lucene
SentinelOne · Deep Vis.
Elastic · Lucene
Coming soon (platform · query language):
Graylog · Lucene
LogScale · LQL
Sumo Logic · Query
Securonix · SPOTTER
ArcSight · Query
LogRhythm Axon · ADS
Exabeam · EQL
Falco · YAML Rule
AWS Athena · SQL
Snowflake · SQL
RSA NetWitness · Query
FortiSIEM · XML Rule
Want to export Sigma rules to a platform not listed here, or add a new platform to the ROAMPA mapping? Submit a feature request and we'll prioritise it.
Found an issue with rule generation, MITRE mapping, or the output format? Report it via the feedback form and it'll go straight to a GitHub issue.