Project Overview
Bridging the gap between raw signatures and actionable intelligence.
Rulezet is an advanced Open Source platform built for Detection Engineers and SOC Analysts. In a world where security signatures are siloed across thousands of Git repositories, Rulezet acts as a centralized broker that imports, normalizes, and validates rules automatically.
Platform at a Glance
The Rule Lifecycle
01. Multi-Source Ingestion
Rules can enter the ecosystem through three primary channels:
- Manual Creation: Use our built-in editor to write rules from scratch.
- Admin Imports: Administrators can bulk-import rules via file uploads or by parsing raw strings.
- GitHub Integration: Automated synchronization with remote repositories (Admin only).
02. Integrity & Syntax Verification
Every rule undergoes a compilation check before it is stored. The backend hands the rule to the parser or compiler for its format (YARA, Sigma, etc.) and rejects anything that fails to load, so only rules that compile cleanly reach the database and a broken signature cannot be pushed into your security stack. Note that a rule passing this check is syntactically valid and loadable; whether it detects what it claims to, and how noisy it is, is a separate question addressed by community review and false-positive reporting.
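As an added illustration of the kind of pre-compilation integrity check a broker like this can run, the following stdlib-only Python validates the structure of a Sigma rule: required top-level fields, a usable logsource, and a condition whose identifiers (including `1 of selection_*` and `all of them` quantifiers) all resolve to defined selections. This is example code written for this page, not Rulezet's own validator. It assumes the rule has already been parsed from YAML into a dict (what `yaml.safe_load` would return), and both sample rules are constructed. In a real pipeline this check sits in front of the format's actual compiler (yara-python for YARA, pySigma for Sigma), which remains the authoritative test.

```python
"""Structural validator for Sigma rules (added example, not Rulezet code).

Input is a rule already parsed into a dict; only the standard library is used
so it runs offline. Returns a list of error strings; empty means the rule
passed the structural check.
"""
import fnmatch
import re

REQUIRED_TOP_LEVEL = ("title", "logsource", "detection")
LOGSOURCE_KEYS = ("category", "product", "service")
# Tokens: parentheses, the legacy aggregation pipe, or identifiers/keywords
# (identifiers may carry a trailing '*' in quantifier patterns).
_TOKEN = re.compile(r"\(|\)|[A-Za-z0-9_*]+")


def _check_condition(condition: str, selections: set) -> list:
    """Verify every identifier in a condition string refers to a selection."""
    errors = []
    expr = condition.split("|", 1)[0]  # drop legacy "| count() > N" aggregation
    tokens = _TOKEN.findall(expr)
    if not tokens:
        return ["condition is empty"]
    depth = 0
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
            if depth < 0:
                return ["condition has unbalanced parentheses"]
        elif tok in ("and", "or", "not"):
            pass
        elif tok.isdigit() or tok == "all":
            # Quantifier form: "1 of selection_*", "all of them"
            if i + 2 >= len(tokens) or tokens[i + 1] != "of":
                errors.append(f"malformed quantifier near {tok!r}")
            else:
                target = tokens[i + 2]
                if target != "them" and not fnmatch.filter(selections, target):
                    errors.append(f"quantifier pattern {target!r} matches no selection")
                i += 2
        elif tok not in selections:
            errors.append(f"condition references undefined selection {tok!r}")
        i += 1
    if depth != 0:
        errors.append("condition has unbalanced parentheses")
    return errors


def validate_sigma(rule) -> list:
    """Return structural errors for a parsed Sigma rule (empty list = OK)."""
    if not isinstance(rule, dict):
        return ["rule is not a mapping"]
    errors = [f"missing required field {k!r}" for k in REQUIRED_TOP_LEVEL if k not in rule]

    logsource = rule.get("logsource")
    if isinstance(logsource, dict):
        if not any(k in logsource for k in LOGSOURCE_KEYS):
            errors.append("logsource needs at least one of category/product/service")
    elif "logsource" in rule:
        errors.append("logsource must be a mapping")

    detection = rule.get("detection")
    if not isinstance(detection, dict):
        if "detection" in rule:
            errors.append("detection must be a mapping")
        return errors

    selections = {k for k in detection if k != "condition"}
    for name in selections:
        if not isinstance(detection[name], (dict, list)):
            errors.append(f"selection {name!r} must be a mapping or a list")
    if not selections:
        errors.append("detection defines no selections")

    condition = detection.get("condition")
    if condition is None:
        errors.append("detection has no condition")
    else:
        for cond in condition if isinstance(condition, list) else [condition]:
            if not isinstance(cond, str):
                errors.append("condition must be a string")
            else:
                errors.extend(_check_condition(cond, selections))
    return errors


# Constructed sample rules (not taken from any repository).
GOOD_RULE = {
    "title": "Suspicious certutil download",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_img": {"Image|endswith": "\\certutil.exe"},
        "selection_cli": {"CommandLine|contains": ["urlcache", "-split"]},
        "filter_main": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "all of selection_* and not filter_main",
    },
}

BAD_RULE = {
    "title": "Broken rule",
    "logsource": {"product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\certutil.exe"},
        "condition": "selection and not filter_legit",  # filter_legit is never defined
    },
}

if __name__ == "__main__":
    for rule in (GOOD_RULE, BAD_RULE):
        errs = validate_sigma(rule)
        print(rule["title"], "->", "OK" if not errs else "; ".join(errs))
```

A rule that passes this check still has to compile under the real Sigma backend and be reviewed for accuracy; the structural pass is cheap and catches the common import failures (typos in condition identifiers, missing logsource, selections that are scalars instead of maps) before anything heavier runs.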
03. Persistence & Evolution
Once added to Rulezet, the rule enters a managed state:
- Pull Requests: Propose modifications to improve detection logic.
- Auto-Updates: Rules linked to GitHub are automatically updated when the source changes.
- Historical Tracking: We maintain a full version history for every rule, allowing you to audit changes over time.
User Roles & Ecosystem Interaction
Rulezet is designed as a collaborative ecosystem where every participant contributes to the collective defense. Whether you are a casual visitor, a professional threat hunter, or a repository maintainer, the platform scales its features to meet your specific needs in the detection engineering lifecycle.
Community Contributors
"Public engagement and feedback loop."
- Interactive Feedback: Any registered user can Like, Comment, or Upvote rules to signal quality to the rest of the community.
- Reporting: Flag "Bad Rules" or report false positives to help refine the accuracy of the database.
- Propose Changes: Submit Pull Requests (PRs) to suggest logic improvements or update metadata for existing signatures.
Analysts & Owners
"Ownership and automated analysis."
- Rule Ownership: Become a Rule Owner or recognized Contributor. Owners gain full editing privileges and can manage the versioning of their own detection logic.
- API Integration: Access our robust REST API to automate rule analysis, fetch raw signatures for CI/CD pipelines, or integrate Rulezet directly into your SIEM/EDR.
- Bundle Management: Create and maintain private collections of rules tailored for specific deployment environments.
Platform Administrators
"System integrity and quality control."
- Repository Sync: Only Admins can link and synchronize external GitHub Repositories to maintain the core library.
- Quality Gatekeeping: Admins review high-impact changes and community proposals to ensure the integrity of the detection database.
- User Moderation: Manage permissions, review audit logs, and ensure that the platform remains a safe, high-fidelity resource for the industry.
Note on Detection Engineering: While Rulezet encourages open collaboration, the move from "Contributor" to "Owner" is based on your activity and the quality of your submissions. This ensures that the most critical detection rules are managed by experts with proven track records.
Supported Formats
Each supported rule format is listed here with the number of rules currently indexed in that format.
Governance, Transparency & Licensing
Public Rule Ecosystem
By default, all detection rules indexed in Rulezet are public. We believe in open security intelligence; however, please be mindful not to upload sensitive or proprietary logic not intended for community exposure.
Rule Licensing & Legal Compliance
Every rule remains subject to its original License (e.g., MIT, Apache 2.0). When imported from GitHub, licensing terms are preserved. Users are responsible for ensuring compliance when integrating these rules into commercial environments.
Private Bundles
While individual rules are public, your Bundles (curated collections) can be set to Private. This allows you to manage specific intelligence sets for internal infrastructure without exposing your defense strategy.
False Positive Management
Automated syntax validation confirms that a rule compiles and can be loaded; it says nothing about detection accuracy. Valid logic can still trigger false positives in your environment, so we strongly recommend using the Evaluation System (Likes/Comments) to vet rule quality before deployment.
Report & Refine
Users can Report any rule that is broken, outdated, or malicious. Reports are routed directly to the Admin team, allowing the community to help maintain a high-fidelity database.
Project Origins & Vision
The CIRCL Initiative
Rulezet is an initiative led by the Computer Incident Response Center Luxembourg (CIRCL), part of the LHC. Our mission is to bridge the gap between academic research and operational cybersecurity by providing high-performance tools for the global defense community.
By centralizing detection logic, we aim to reduce the complexity of threat hunting and empower SOC teams with validated, community-vetted intelligence.
Open Source
This project is fully transparent and maintained on GitHub. We operate under the MIT License, allowing for wide collaboration and integration.
This project started as an internship initiative and has since evolved into the core engine of the Rulezet ecosystem.