A detection engineering workbench with LLM capabilities, including SigmaIQ features
Project description
DetectIQ
DetectIQ is an AI-powered security rule management library. It helps create, analyze, and optimize detection rules for various security platforms.
⚠️ IMPORTANT DISCLAIMER This project is a Proof of Concept and under active development. Expect bugs, breaking changes, and incomplete documentation. Not recommended for production use. Use at your own risk.
Quickstart
- Clone: `git clone https://github.com/AttackIQ/DetectIQ.git && cd DetectIQ`
- Configure: Copy `.env.example` to `.env` and add your API keys (e.g., `OPENAI_API_KEY`).
- Install: `poetry install --all-extras` (recommended) or `pip install .`
- Explore: See the `examples/` directory and the detailed documentation.
Key Features
- AI-powered rule creation and optimization (OpenAI).
- Integration with rule repositories (SigmaHQ, YARA-Forge, Snort3).
- Static analysis of samples (malware, PCAPs) for rule generation context.
- Multi-platform SIEM query translation.
For more details, see documentation.
Road Map
Key areas of future development include support for custom/local LLMs, more SIEM integrations, and enhanced rule validation. See issues for more.
Using as a Package
Install from PyPI:
pip install detectiq
DetectIQ is primarily used as a Python library. For detailed usage patterns and code examples, please refer to the examples/ directory and the main documentation.
Environment Configuration
Configure via environment variables. Copy .env.example to .env and set your API keys. For full details, see the documentation.
Development
This project uses a Makefile for common development tasks.
- Install development dependencies: `poetry install --all-extras` (includes dev dependencies if `pyproject.toml` is configured for it, or use a specific group, e.g. `poetry install --with dev`). Check your `Makefile` or `pyproject.toml` for the exact command for dev dependencies.
- View available commands: `make help`
- Format code: `make format`
- Run tests: `make test`
For publishing information, see PUBLISHING.md.
Contributing
- Fork the repository.
- Create a feature branch.
- Commit your changes.
- Push to the branch.
- Create a Pull Request.
License
This project uses multiple licenses. The core project is licensed under LGPL v2.1. See the LICENSE file and notes on licenses for bundled rule sets within the documentation.
Support & Community
- Discussions: SigmaHQ Discord
- Issues: GitHub Issues
Acknowledgments
- SigmaHQ Community
- YARA-Forge Contributors
- Snort Community
- OpenAI
Project details
Download files
Source Distribution
Built Distribution
File details
Details for the file detectiq-0.1.44.tar.gz.
File metadata
- Download URL: detectiq-0.1.44.tar.gz
- Upload date:
- Size: 99.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.12.2 Linux/5.15.167.4-microsoft-standard-WSL2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | ad6df426f30c21168deeab1371ed593d6fd2d65396e812656aefccb99cf12295 |
| MD5 | 3794c9a326f2f9e15de48a4321497172 |
| BLAKE2b-256 | ae2ae0194207e183ea44ab463cc3a33822b1b894b1ad568ae9e6827ecc2a0eb0 |
File details
Details for the file detectiq-0.1.44-py3-none-any.whl.
File metadata
- Download URL: detectiq-0.1.44-py3-none-any.whl
- Upload date:
- Size: 139.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.12.2 Linux/5.15.167.4-microsoft-standard-WSL2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 73d4df9cf8bd20333bc53b3ce8aa22c7c697e2bf7fe584b1a26b7b37c9f693db |
| MD5 | 97a16c1de47609df78189eec2e95dc58 |
| BLAKE2b-256 | e5c0841853d97ed1d7223c4689419e86a4b64482a028351f4d3260f865708c4d |
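The page lists SHA256, MD5 and BLAKE2b-256 digests for both 0.1.44 artifacts, and notes that neither was uploaded via Trusted Publishing, so the digests are what ties a downloaded file to this listing. The script below is an added example, not part of the DetectIQ project: it recomputes the three digests PyPI publishes for a downloaded sdist or wheel and compares them, using the digest values copied from the tables above. The file names are assumed to be the two artifacts as downloaded into the current directory.

```python
"""Verify downloaded detectiq 0.1.44 artifacts against the digests listed on PyPI.

Added example, not project code. Expected digests are copied from the
project page; file paths are assumed to be the downloaded sdist and wheel.
"""
import hashlib
import hmac
import sys

# Digests exactly as listed on the PyPI page for detectiq 0.1.44.
EXPECTED = {
    "detectiq-0.1.44.tar.gz": {
        "sha256": "ad6df426f30c21168deeab1371ed593d6fd2d65396e812656aefccb99cf12295",
        "md5": "3794c9a326f2f9e15de48a4321497172",
        "blake2b-256": "ae2ae0194207e183ea44ab463cc3a33822b1b894b1ad568ae9e6827ecc2a0eb0",
    },
    "detectiq-0.1.44-py3-none-any.whl": {
        "sha256": "73d4df9cf8bd20333bc53b3ce8aa22c7c697e2bf7fe584b1a26b7b37c9f693db",
        "md5": "97a16c1de47609df78189eec2e95dc58",
        "blake2b-256": "e5c0841853d97ed1d7223c4689419e86a4b64482a028351f4d3260f865708c4d",
    },
}


def _digests_from_chunks(chunks) -> dict:
    """Feed every chunk to all three hashers and return lowercase hex digests."""
    hashers = {
        "sha256": hashlib.sha256(),
        # MD5 is reported only because PyPI lists it; it is not integrity evidence.
        "md5": hashlib.md5(usedforsecurity=False),
        # PyPI's "BLAKE2b-256" is BLAKE2b truncated to a 32-byte digest.
        "blake2b-256": hashlib.blake2b(digest_size=32),
    }
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes) -> dict:
    """Digests of an in-memory byte string."""
    return _digests_from_chunks([data])


def file_digests(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digests of a file on disk, read in chunks so large wheels need little memory."""
    with open(path, "rb") as fh:
        return _digests_from_chunks(iter(lambda: fh.read(chunk_size), b""))


def verify_digests(actual: dict, expected: dict) -> dict:
    """Map each expected algorithm to True/False using a constant-time comparison."""
    return {
        name: name in actual and hmac.compare_digest(actual[name], want.lower())
        for name, want in expected.items()
    }


def verify_file(path: str, expected: dict) -> bool:
    """True only if every digest listed for the file matches what is on disk."""
    return all(verify_digests(file_digests(path), expected).values())


def main(argv) -> int:
    """Check the given paths (default: both artifacts in the current directory)."""
    paths = argv[1:] or list(EXPECTED)
    failed = 0
    for path in paths:
        name = path.rsplit("/", 1)[-1]
        if name not in EXPECTED:
            print(f"{path}: no digests listed on the page for this file name")
            failed += 1
            continue
        ok = verify_file(path, EXPECTED[name])
        print(f"{path}: {'OK' if ok else 'MISMATCH'}")
        failed += 0 if ok else 1
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_detectiq.py detectiq-0.1.44.tar.gz` after downloading the file; a non-zero exit means at least one listed digest did not match. The same SHA256 values can be pinned in a requirements file as `detectiq==0.1.44 --hash=sha256:<digest>` so that `pip install --require-hashes -r requirements.txt` refuses any artifact whose hash differs.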