Detection Toolkit

Status: Planning — MVP starts with Sigma over local JSONL.

Detection Toolkit is an offline framework for testing detection rules via deterministic stimulus–observation–assertion workflows. Start with Sigma over local JSON logs, then expand to Splunk/Zeek/Suricata collectors and PCAP replay—no SIEM required.

Highlights

  • Declarative test definitions (YAML/JSON) executed by an orchestrator
  • Sigma + JSONL MVP with pass/fail assertions and checksums
  • Structured outputs (JSON/Markdown/JUnit) for audits and CI
  • Rust static binaries, TUI option, plugin-friendly architecture
  • Zero telemetry; reproducible runs with controlled seeds/timestamps
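As an added illustration, not code from the Detection Toolkit project (which is still at the planning stage), the following Python sketch walks through the stimulus-observation-assertion loop the Sigma + JSONL MVP describes: a Sigma-subset rule is evaluated over inline JSONL events, the run passes or fails on the expected match count, and a SHA-256 checksum of the matched lines lets two runs be compared byte for byte. The rule, the events and the field names are constructed for the example; only the `|contains` and `|endswith` modifiers and `and`/`not` conditions are supported.

```python
import hashlib
import json
RULE = {"detection": {  # constructed Sigma-style rule, not a project file
    "selection": {"Image|endswith": "\\powershell.exe",
                  "CommandLine|contains": ["-enc ", "-encodedcommand "]},
    "filter": {"User": "svc_backup"},
    "condition": "selection and not filter"}}
EVENTS = "\n".join(json.dumps(e) for e in [  # constructed JSONL stimulus
    {"Image": "C:\\W\\powershell.exe", "CommandLine": "powershell -enc AAAA", "User": "alice"},
    {"Image": "C:\\W\\powershell.exe", "CommandLine": "powershell -EncodedCommand BBBB", "User": "svc_backup"},
    {"Image": "C:\\W\\cmd.exe", "CommandLine": "cmd /c whoami", "User": "alice"}])

def _field_matches(value, pattern, modifier):
    v, p = str(value).lower(), str(pattern).lower()  # Sigma compares case-insensitively
    if modifier == "contains":
        return p in v
    return v.endswith(p) if modifier == "endswith" else v == p

def _selection_matches(selection, event):
    # Every field in a selection must match (AND); a list of values is an OR.
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        patterns = patterns if isinstance(patterns, list) else [patterns]
        if field not in event or not any(
                _field_matches(event[field], p, modifier) for p in patterns):
            return False
    return True

def _condition_holds(condition, results):
    # Subset: identifiers joined by 'and', each optionally preceded by 'not'.
    value, negate = True, False
    for tok in condition.split():
        if tok == "not":
            negate = True
        elif tok != "and":
            value, negate = value and (results[tok] != negate), False
    return value

def event_matches(rule, event):
    det = rule["detection"]
    hits = {n: _selection_matches(s, event) for n, s in det.items() if n != "condition"}
    return _condition_holds(det["condition"], hits)

def run_test(rule, jsonl_text, expected):
    # Observation: matched lines; assertion: count; checksum makes runs comparable.
    matched = [ln for ln in jsonl_text.splitlines()
               if ln.strip() and event_matches(rule, json.loads(ln))]
    digest = hashlib.sha256("\n".join(matched).encode()).hexdigest()
    return {"matched": len(matched), "expected": expected,
            "passed": len(matched) == expected, "sha256": digest}
```

Running `run_test(RULE, EVENTS, 1)` matches only the first event (the second is removed by the `filter` selection, the third is not PowerShell) and reports `passed: True`; changing the rule or the events changes the checksum, which is the property a CI gate would pin.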

Usage

detection-toolkit run --tests ./examples/sigma-basic/ --format md --out results.md

Download & Verify

Download the latest release and verify its integrity:

Checksum

sha256:0000000000000000000000000000000000000000000000000000000000000000

For detailed verification steps, see our Shipping & Verification page.