andrewkolagit/DetectPack-Forge
DetectPack Forge turns plain-English behaviors or sample logs into production-ready detection packs — Sigma, KQL (Sentinel), SPL (Splunk) — plus tests and a response playbook, mapped to MITRE ATT&CK, fully powered by Gen AI.
This tool helps cybersecurity analysts create detection rules for their Security Information and Event Management (SIEM) systems. You describe a suspicious behavior in plain English, or provide a few lines of relevant log data. The output is a complete 'detection pack' including vendor-specific queries (Sigma, KQL for Sentinel, SPL for Splunk), test cases, a response playbook, and MITRE ATT&CK tags. This is designed for security practitioners who need to quickly develop and deploy new threat detections.
No commits in the last 6 months.
Use this if you need to rapidly generate SIEM detection rules, tests, and response playbooks from a simple description or log sample, without needing to master multiple query languages.
Not ideal if you need to fine-tune existing, highly complex detection logic or if you require deep customization beyond what standard query syntaxes offer.
Stars: 24
Forks: 1
Language: TypeScript
License: —
Category:
Last pushed: Sep 15, 2025
Commits (30d): 0