Security Detections
by mhaggis · Added 26d ago
Install
git clone https://github.com/mhaggis/security-detections-mcp
About
An MCP server that provides unified access to security detection rules from Sigma, Splunk ESCU, Elastic Detection Rules, and KQL query repositories. The implementation indexes detection rules into a searchable SQLite database with full-text search capabilities, automatically parsing YAML and TOML formats to extract MITRE ATT&CK mappings, CVE references, process names, and other metadata. Supports advanced filtering by MITRE tactics, severity levels, data sources, and process names, making it useful for security analysts building detection coverage maps, threat hunters researching specific attack techniques, or security engineers comparing detection approaches across different SIEM platforms.
Tags
Databases
mcp-server
database