
I built a portable SIEM detection toolkit that converts Sigma rules to Splunk, Elastic, and Kibana queries
The problem

If you've ever tried to manage detection content across different SIEMs, you know the pain. Sigma rules live in one folder, your Sysmon config is somewhere else, Wazuh custom rules are in yet another directory, and none of it maps cleanly back to MITRE ATT&CK. Converting rules between SIEM formats usually means installing sigmac (the legacy converter, since superseded by sigma-cli and pySigma) or setting up a whole pipeline just to get a Splunk query out of a YAML file.

I'm a cybersecurity student and I got tired of this workflow in my home lab, so I built SIEMForge, a single Python CLI that keeps all your detection content in one place and converts it natively.

What it does

SIEMForge is a portable toolkit that handles:

Sigma rule conversion: translates detection rules to Splunk SPL, Elasticsearch Lucene, or Kibana KQL without any external dependencies (no sigmac needed)

10 pre-built detection rules covering credential dumping (T1003.001), process injection (T1055.003), lateral movement via PsExec (T1021.002), suspicious PowerShell (T10
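To show what "converting a Sigma rule natively" involves, here is a small stdlib-only converter written for this page; it is an added example, not SIEMForge's code. It takes the detection block of a Sigma rule (embedded as the dict that yaml.safe_load() would produce from the YAML, so no PyYAML is needed) and emits Splunk SPL, Elasticsearch Lucene and Kibana KQL. The sample rule, its field names and the filter paths are constructed for illustration; it supports field modifiers (contains, startswith, endswith), OR-lists, and and/or/not conditions, and deliberately refuses conditions it cannot express rather than emitting a wrong query.

```python
"""
Minimal Sigma -> Splunk SPL / Elasticsearch Lucene / Kibana KQL converter.
Added example for this page, not SIEMForge's own code. Standard library only.
"""
import re

# Constructed sample rule: the dict yaml.safe_load() would return for a Sigma YAML file.
# Field names follow Sysmon Event ID 10 (process access); access-mask values and the
# filter paths are illustrative assumptions, not tuned production content.
RULE = {
    "title": "LSASS Memory Access From Non-System Path",
    "logsource": {"product": "windows", "category": "process_access"},
    "detection": {
        "selection": {
            "TargetImage|endswith": "\\lsass.exe",
            "GrantedAccess|contains": ["0x1010", "0x1410"],
        },
        "filter": {
            "SourceImage|startswith": ["C:\\Windows\\System32\\", "C:\\Windows\\SysWOW64\\"],
        },
        "condition": "selection and not filter",
    },
}

BACKENDS = ("splunk", "lucene", "kql")


def _op(word, backend):
    """Boolean operators: SPL and Lucene want upper case, KQL is conventionally lower case."""
    return word.lower() if backend == "kql" else word.upper()


def _escape(value, backend):
    """Escape a literal so it survives the target language. Only backslash, quote and
    colon are handled; other Lucene/KQL specials (parentheses, +, etc.) are not."""
    s = str(value).replace("\\", "\\\\")          # backslash is the escape char everywhere
    if backend == "splunk":
        return s.replace('"', '\\"')              # SPL values are wrapped in double quotes
    if " " in s:
        # Lucene/KQL need quoting for whitespace, which changes wildcard semantics;
        # refuse rather than emit a query that silently matches nothing.
        raise ValueError(f"whitespace in value {value!r} needs backend-specific quoting")
    return s.replace(":", "\\:")                  # ':' separates field and value


def _term(field, modifier, value, backend):
    """Render one field test. Sigma's contains/startswith/endswith become '*' wildcards."""
    v = _escape(value, backend)
    patterns = {"contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}", "": v}
    if modifier not in patterns:
        raise ValueError(f"unsupported Sigma modifier: {modifier!r}")
    p = patterns[modifier]
    return f'{field}="{p}"' if backend == "splunk" else f"{field}:{p}"


def _selection(sel, backend):
    """A Sigma map is AND across its keys; a list value is OR across its entries."""
    parts = []
    for key, value in sel.items():
        field, _, modifier = key.partition("|")
        values = value if isinstance(value, list) else [value]
        terms = [_term(field, modifier, v, backend) for v in values]
        parts.append(terms[0] if len(terms) == 1
                     else "(" + f" {_op('or', backend)} ".join(terms) + ")")
    return parts[0] if len(parts) == 1 else "(" + f" {_op('and', backend)} ".join(parts) + ")"


def convert(rule, backend):
    """Translate rule['detection'] into a query string for one backend."""
    if backend not in BACKENDS:
        raise ValueError(f"unknown backend: {backend!r}")
    det = rule["detection"]
    named = {k: v for k, v in det.items() if k != "condition"}

    def render(match):
        tok = match.group(0)
        if tok.lower() in ("and", "or", "not"):
            return _op(tok, backend)
        if tok in named:
            return _selection(named[tok], backend)
        # '1 of selection*', 'all of them', aggregations, timeframes: deliberately unsupported
        raise ValueError(f"unsupported condition token: {tok!r}")

    return re.sub(r"[A-Za-z_]\w*", render, det["condition"])


def convert_all(rule):
    """One rule, one query per backend the post lists."""
    return {b: convert(rule, b) for b in BACKENDS}


if __name__ == "__main__":
    for backend, query in convert_all(RULE).items():
        print(f"[{backend}] {query}")
```

Note that the converter only handles the detection block: mapping logsource to an index, sourcetype or data stream is site-specific and is left to whoever deploys the query. Values containing spaces are accepted for SPL (they sit inside quotes) but rejected for Lucene and KQL, because quoting them there turns wildcards into literal characters.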
Continue reading on Dev.to



