Detection Engineering Platform

Build. Translate. Operationalize.

A platform for building, translating, testing, and operationalizing detections across Sigma, Splunk, and PySpark — with a dedicated AI Security layer.

20+ Detection Rules
8 Coverage Layers
4 Output Formats
OWASP LLM & Agentic Top 10

Converter

Translate detections instantly

Write once in Sigma, deploy anywhere. Automatic translation to Splunk SPL and PySpark with validation and notes.

Sigma Input (rule.yml):
title: Suspicious PowerShell Encoded Command
id: det-001
status: stable
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    Image|endswith: '\powershell.exe'
    CommandLine|contains:
      - ' -EncodedCommand '
      - ' -enc '
  condition: selection
level: high
Splunk Output (detection.spl):
index=endpoint sourcetype=WinEventLog:Security
  EventCode=4688
  Image="*\powershell.exe"
  (CommandLine="* -EncodedCommand *" OR
   CommandLine="* -enc *")
| table _time, host, user, CommandLine
| sort -_time
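The conversion above can be reproduced with a small translator for the Sigma subset this rule uses (field|endswith, field|contains, list values OR-ed together, a single-selection condition). The following is an added example written for this page, not the platform's own converter: it validates the rule, emits the Splunk search shown above as one line, emits an equivalent PySpark filter expression as generated Python source, and evaluates the rule directly against constructed events so the translation can be tested. The logsource-to-data-source mapping, the output field list and the sample events are assumptions that mirror the page's output; real telemetry was not used.

```python
"""Minimal Sigma -> Splunk SPL / PySpark translator with validation.
Illustrative code for this page, not the platform's own converter."""
from __future__ import annotations

# Constructed: the page's rule.yml expressed as a dict so no YAML library is needed.
RULE = {
    "title": "Suspicious PowerShell Encoded Command",
    "id": "det-001",
    "status": "stable",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": r"\powershell.exe",
            "CommandLine|contains": [" -EncodedCommand ", " -enc "],
        },
        "condition": "selection",
    },
    "level": "high",
}

# Assumption: how a Sigma logsource maps onto a data source, mirroring the page's SPL output.
LOGSOURCE_MAP = {
    ("windows", "process_creation"): "index=endpoint sourcetype=WinEventLog:Security EventCode=4688",
}
OUTPUT_FIELDS = ["_time", "host", "user", "CommandLine"]  # assumed, as on the page
SUPPORTED_MODIFIERS = {"", "endswith", "startswith", "contains"}  # "" means exact match


def validate(rule: dict) -> list[str]:
    """Return validation notes; an empty list means the rule can be translated."""
    notes = []
    det = rule.get("detection", {})
    cond = det.get("condition")
    if cond == "condition" or cond not in det:
        notes.append(f"condition {cond!r} does not name a defined selection")
    for name, sel in det.items():
        if name == "condition":
            continue
        for key in sel:
            field, _, mod = key.partition("|")
            if mod not in SUPPORTED_MODIFIERS:
                notes.append(f"unsupported modifier {mod!r} on field {field!r}")
    ls = rule.get("logsource", {})
    if (ls.get("product"), ls.get("category")) not in LOGSOURCE_MAP:
        notes.append("no data-source mapping for logsource")
    return notes


def _spl_term(field: str, mod: str, value) -> str:
    # Sigma modifiers become SPL wildcards around the literal value.
    v = str(value).replace('"', '\\"')
    wild = {"endswith": f"*{v}", "startswith": f"{v}*", "contains": f"*{v}*"}
    return f'{field}="{wild.get(mod, v)}"'


def _pyspark_term(field: str, mod: str, value) -> str:
    # Emits pyspark.sql.functions source; Column.endswith/startswith/contains are real methods.
    if mod == "":
        return f"(F.col({field!r}) == {value!r})"
    return f"F.col({field!r}).{mod}({value!r})"


def _clauses(selection: dict, render, or_op: str) -> list[str]:
    """Render each field entry; a list of values becomes one OR-group (Sigma semantics)."""
    out = []
    for key, value in selection.items():
        field, _, mod = key.partition("|")
        values = value if isinstance(value, list) else [value]
        rendered = [render(field, mod, v) for v in values]
        out.append(rendered[0] if len(rendered) == 1 else "(" + f" {or_op} ".join(rendered) + ")")
    return out


def _selection(rule: dict) -> dict:
    notes = validate(rule)
    if notes:
        raise ValueError("; ".join(notes))
    det = rule["detection"]
    return det[det["condition"]]


def to_spl(rule: dict) -> str:
    ls = rule["logsource"]
    base = LOGSOURCE_MAP[(ls["product"], ls["category"])]
    where = " ".join(_clauses(_selection(rule), _spl_term, "OR"))  # adjacency is AND in SPL
    return f"{base} {where} | table {', '.join(OUTPUT_FIELDS)} | sort -_time"


def to_pyspark(rule: dict) -> str:
    where = " & ".join(_clauses(_selection(rule), _pyspark_term, "|"))
    return f"df.filter({where})"


def matches(rule: dict, event: dict) -> bool:
    """Evaluate the selection directly against one event dict, for testing the rule."""
    checks = {"": lambda a, b: a == b, "endswith": str.endswith,
              "startswith": str.startswith, "contains": lambda a, b: b in a}
    for key, value in _selection(rule).items():
        field, _, mod = key.partition("|")
        values = value if isinstance(value, list) else [value]
        actual = str(event.get(field, ""))
        if not any(checks[mod](actual, str(v)) for v in values):
            return False
    return True


if __name__ == "__main__":
    print(to_spl(RULE))
    print(to_pyspark(RULE))
    # Constructed sample events, not real telemetry.
    hit = {"EventCode": 4688, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           "CommandLine": "powershell.exe -enc dGVzdA=="}
    miss = {"EventCode": 4688, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"}
    print(matches(RULE, hit), matches(RULE, miss))
```

Because `matches` and both translators share the same modifier handling, a rule that passes `validate` is guaranteed to be expressible in every output format, and a constructed event that `matches` says should fire gives a concrete expectation to check against the deployed SPL or PySpark job.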

Platform

Everything for detection engineering

From writing rules to validating coverage to detecting AI threats — one platform for the full detection lifecycle.

Coverage Framework

Know your detection coverage

Structured visibility across 8 detection layers — from Host OS to AI Security. Map detections to MITRE techniques, identify gaps, and track maturity.

Host OS & Application
Network & Perimeter
Identity & Cloud
AI Security Extension
Host OS: 4
Host Application: 2
Host Network: 2
Middle Network: 2
Large Application: 2
Identity: 3
Perimeter: 2
AI Security Extension: 3

AI Security

Detect threats in AI systems

OWASP Top 10 for LLMs and Agentic AI — with practical monitoring guidance, detection rules, and threat models.

Prompt Injection: direct and indirect attacks manipulating LLM instructions

Tool Misuse: AI agents exploiting tool permissions for unauthorized actions

Agent Goal Drift: autonomous agents deviating from intended objectives

Data Exfiltration: sensitive data extracted through LLM API channels

API Abuse: rate limit bypass, model DoS, and credential theft

Supply Chain: poisoned model weights and compromised integrations

Start building detections

Convert your first rule, explore the library, or build in the playground.