Library

Command reference

Search the live database for syntax, tools, use cases, tags, MITRE context, and safe lab-ready command examples.

140 results
Defensive Intermediate Free

Convert a PowerShell download rule to Sentinel KQL.

sigma convert -t sentinel rules/windows/powershell/powershell_susp_download.yml
sigma detection-engineering expanded-library
Sigma / Detection Engineering
Defensive Intermediate Free

Validate Linux auditd Sigma rules.

sigma check rules/linux/auditd/*.yml
sigma detection-engineering expanded-library
Sigma / Detection Engineering
Defensive Intermediate Free

Convert suspicious user-agent detection to Lucene.

sigma convert -t lucene rules/proxy/proxy_susp_user_agent.yml
sigma detection-engineering expanded-library
Sigma / Detection Engineering
Defensive Intermediate Free

Convert Sysmon Sigma rules to Splunk SPL; the splunk_windows processing pipeline applies Splunk-specific Windows log source and field mappings before the backend renders the query.

sigma convert -t splunk --pipeline splunk_windows rules/windows/sysmon/*.yml
sigma detection-engineering expanded-library
Sigma / Detection Engineering
Defensive Intermediate Free

Run strict Sigma repository validation.

sigma check --fail-on-warnings rules/
sigma detection-engineering expanded-library
Sigma / Detection Engineering
Defensive Intermediate Free

Convert suspicious logon detection to QRadar syntax.

sigma convert -t qradar rules/windows/builtin/win_security_susp_logon.yml
sigma detection-engineering expanded-library
Sigma / Detection Engineering
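To show what the sigma convert entries above do to a rule's detection block, here is a small Python renderer. It is an added example written for this page, not pySigma, sigma-cli or any of their backends, and it handles only a subset of Sigma: the contains/startswith/endswith modifiers, list values, map entries and a flat and/or/not condition. The rule RULE, the identifier filter_sccm and the function names (check_rule, render_leaf, render_selection, convert) are constructed for the illustration; the KQL and Lucene output follows the public syntax of those query languages, not the exact text a real backend emits.

```python
"""Mini Sigma renderer, added as an illustration of what `sigma convert`
does with a rule's detection block.  This is NOT pySigma or sigma-cli:
it supports only the contains/startswith/endswith modifiers, list values
(OR), map entries (AND) and a flat condition of identifiers joined by
and/or/not.  Real backends also run processing pipelines (field renames,
log source to table mapping); none of that is modelled here."""

# Constructed rule with the shape of a PowerShell download detection.  It is
# not a SigmaHQ rule; field names follow the Sigma process_creation taxonomy.
RULE = {
    "title": "Suspicious PowerShell Download (constructed example)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["DownloadString", "DownloadFile"],
        },
        "filter_sccm": {"ParentImage|endswith": "\\ccmexec.exe"},
        "condition": "selection and not filter_sccm",
    },
    "level": "medium",
}

KEYWORDS = {"and", "or", "not"}
MODIFIERS = ("", "contains", "startswith", "endswith")
LUCENE_SPECIAL = set('\\+-!():^[]"{}~*?|&/ ')  # characters Lucene requires escaped
BACKEND_KEYWORDS = {
    "kql": {"and": "and", "or": "or", "not": "not"},
    "lucene": {"and": "AND", "or": "OR", "not": "NOT"},
}


def check_rule(rule):
    """Structural checks in the spirit of `sigma check`: required top-level keys,
    a condition, and no condition identifier without a matching definition."""
    problems = [f"missing required field: {k}" for k in ("title", "logsource", "detection") if k not in rule]
    det = rule.get("detection", {})
    if "condition" not in det:
        problems.append("detection block has no condition")
        return problems
    for tok in det["condition"].split():
        if tok not in KEYWORDS and tok not in det:
            problems.append(f"condition references undefined identifier: {tok}")
    return problems


def render_leaf(backend, field, modifier, value):
    """Render one field/modifier/value triple.  Sigma matching is case-insensitive,
    so the KQL form uses =~ / contains / startswith / endswith rather than ==."""
    if backend == "kql":
        literal = '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'
        op = {"": "=~", "contains": "contains", "startswith": "startswith", "endswith": "endswith"}[modifier]
        return f"{field} {op} {literal}"
    if backend == "lucene":
        escaped = "".join("\\" + c if c in LUCENE_SPECIAL else c for c in value)
        pattern = {"": escaped, "contains": f"*{escaped}*", "startswith": f"{escaped}*", "endswith": f"*{escaped}"}[modifier]
        return f"{field}:{pattern}"
    raise ValueError(f"unsupported backend: {backend}")


def render_selection(backend, selection):
    """A Sigma map is an AND of its entries; a list value is an OR of alternatives."""
    kw = BACKEND_KEYWORDS[backend]
    clauses = []
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        if modifier not in MODIFIERS:
            raise ValueError(f"unsupported modifier: {modifier}")
        values = values if isinstance(values, list) else [values]
        leaves = [render_leaf(backend, field, modifier, v) for v in values]
        clauses.append(leaves[0] if len(leaves) == 1 else "(" + f" {kw['or']} ".join(leaves) + ")")
    return f" {kw['and']} ".join(clauses)


def convert(rule, backend):
    """Substitute each identifier in the flat condition with its rendered selection."""
    problems = check_rule(rule)
    if problems:
        raise ValueError("; ".join(problems))
    kw = BACKEND_KEYWORDS[backend]
    det = rule["detection"]
    parts = []
    for tok in det["condition"].split():
        parts.append(kw[tok] if tok in KEYWORDS else "(" + render_selection(backend, det[tok]) + ")")
    return " ".join(parts)


if __name__ == "__main__":
    for target in ("kql", "lucene"):
        print(f"[{target}] {convert(RULE, target)}")
```

Run it to print both forms. A real target such as sentinel or splunk additionally needs a processing pipeline to prepend the right table or index and rename fields; that is what --pipeline supplies and what this stand-in leaves out. In Lucene, case sensitivity depends on the field's analyzer, so the wildcard form is not automatically case-insensitive the way KQL's contains is.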
Defensive Intermediate Free

Scan a sample directory recursively; without -r, yara scans only the files directly inside samples/ and skips its subdirectories.

yara -r rules/malware_triage.yar samples/
yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive Intermediate Free

Show rule metadata (-m, the same as --print-meta) next to each packer indicator match.

yara -m rules/packer_indicators.yar sample.bin
yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive Intermediate Free

Compile YARA rules to a binary rule file for faster reuse; scan with it later via yara -C compiled_rules.yarc <target>.

yarac rules/malware_triage.yar compiled_rules.yarc
yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive Intermediate Free

Print matched strings for analyst review.

yara --print-strings rules/suspicious_strings.yar sample.bin
yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive Intermediate Free

Run YARA with rule warnings treated as errors: if any rule compiles with a warning, yara exits instead of scanning.

yara --fail-on-warnings rules/*.yar sample.bin
yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive Intermediate Free

Filter YARA output by tag: only matches from rules tagged ransomware are reported; the tag filters rules, not the files scanned.

yara -t ransomware rules/ransomware_family.yar samples/
yara malware-analysis expanded-library
YARA / Malware Analysis
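The flags in the yara entries above (-r, -t, -s, -m) are easier to reason about with a model of what a scan actually does. The following Python scanner is an added example for this page, not libyara or yara-python, and it implements only plain case-sensitive byte strings with the conditions any of them, all of them and N of them. The rules in RULES, the sample files written by build_sample_dir and all function names are constructed for the illustration.

```python
"""Minimal YARA-style scanner, added to illustrate the scan semantics behind
the yara entries above: recursive directory walk (-r), restricting the
reported rules to a tag (-t), and reporting matched strings with offsets (-s)
and rule metadata (-m).  It is a hand-written stand-in, NOT libyara or
yara-python: only plain case-sensitive byte strings and the conditions
'any of them', 'all of them' and 'N of them' are supported."""

import os
import re
import tempfile

# Constructed rules in the shape of a small triage set.  They are examples for
# this page, not a real ruleset, and the strings are not real malware indicators.
RULES = [
    {"name": "Generic_Ransom_Note", "tags": {"ransomware"}, "condition": "all of them",
     "meta": {"description": "ransom-note phrasing"},
     "strings": {"$note1": b"your files have been encrypted", "$note2": b"bitcoin"}},
    {"name": "Packer_UPX_Section", "tags": {"packer"}, "condition": "any of them",
     "meta": {"description": "UPX section names"},
     "strings": {"$upx0": b"UPX0", "$upx1": b"UPX1"}},
    {"name": "Downloader_Strings", "tags": {"downloader", "ransomware"}, "condition": "2 of them",
     "meta": {"description": "download API names"},
     "strings": {"$s1": b"URLDownloadToFile", "$s2": b"WinHttpOpen", "$s3": b"InternetOpenUrl"}},
]


def find_strings(data, strings):
    """Return {identifier: [offsets]} for every defined string that occurs in data."""
    hits = {}
    for ident, needle in strings.items():
        offsets = [m.start() for m in re.finditer(re.escape(needle), data)]
        if offsets:
            hits[ident] = offsets
    return hits


def condition_holds(condition, matched, total):
    """Evaluate the tiny condition subset: 'any of them', 'all of them', 'N of them'."""
    head = condition.split()[0]
    if head == "any":
        return matched >= 1
    if head == "all":
        return matched == total
    return matched >= int(head)


def scan_file(path, rules, tag=None):
    """Apply every rule (or only the rules carrying tag) to one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    results = []
    for rule in rules:
        if tag is not None and tag not in rule["tags"]:
            continue  # -t selects rules, not files: rules without the tag are simply not evaluated
        hits = find_strings(data, rule["strings"])
        if condition_holds(rule["condition"], len(hits), len(rule["strings"])):
            results.append({"rule": rule["name"], "file": path, "tags": sorted(rule["tags"]),
                            "meta": rule["meta"], "strings": hits})
    return results


def scan_dir(root, rules, tag=None, recursive=True):
    """Without recursive (yara without -r) only files directly under root are scanned."""
    if recursive:
        paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in sorted(files)]
    else:
        paths = [p for p in (os.path.join(root, n) for n in sorted(os.listdir(root))) if os.path.isfile(p)]
    return [m for p in paths for m in scan_file(p, rules, tag)]


def format_match(match, print_strings=False, print_meta=False):
    """Approximate yara's output: 'rule [tags] [meta] file', then one 0xoff:$id line per hit with -s."""
    line = match["rule"] + " [" + ",".join(match["tags"]) + "]"
    if print_meta:
        line += " [" + ",".join(f'{k}="{v}"' for k, v in match["meta"].items()) + "]"
    lines = [f"{line} {match['file']}"]
    if print_strings:
        for ident, offsets in match["strings"].items():
            lines.extend(f"0x{off:x}:{ident}" for off in offsets)
    return "\n".join(lines)


def build_sample_dir():
    """Write constructed, harmless sample files into a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="yara_demo_")
    os.makedirs(os.path.join(root, "nested"))
    samples = {
        "benign.txt": b"just a text file",
        "note.txt": b"Attention: your files have been encrypted. Send 0.5 bitcoin to recover them.",
        os.path.join("nested", "dropper.bin"): b"MZ\x90\x00UPX0UPX1URLDownloadToFileWinHttpOpen",
    }
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for m in scan_dir(build_sample_dir(), RULES, tag="ransomware"):
        print(format_match(m, print_strings=True, print_meta=True))
```

Running it writes three harmless sample files into a temporary directory and prints the matches for rules tagged ransomware in a yara-like layout. Two points the entries above rely on: the tag filter decides which rules are evaluated, never which files are read, and without the recursive walk the file under nested/ is never opened, which is exactly the difference -r makes.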