Detection rules

YARA, Suricata, Sigma and host-hunt rules pulled from the reports. Click a rule to see the full text and every post that uses it, or pull the set as JSON via the feed. We don't serve loadable rule files by design — copy and review before you deploy.