Brendan Chamberlain
@infosecb
Threat Detection Engineer | detection & response | automation | macOS security | awesome-detection-engineering, LOOBins, Rulehound
Joined February 2016
Today I'd like to share a tool I recently wrote called Rulehound. It's a detection ruleset catalogue and search engine containing over 7,500 rules from 5 distinct sources. More details in thread. https://t.co/IYOnv1ucy0
If you ever wondered what goes into merging a Sigma rule in the @sigma_hq repo, check out the latest blog. SigmaHQ Quality Assurance Pipeline - https://t.co/A2OuF1VOcw We delve into the process we go through to ensure the community contributed rules are up to par.
My heart goes out to all the families and individuals anxious over their futures following the abrupt and chaotic announcement of H-1B visa changes. America should be working to attract more skilled talent, not create uncertainty that turns them away. To all legal immigrants
I spent some time with Spec Kit today to bootstrap a small side project and I’m impressed. It’s worth a look if you want to take vibe coding to the next level. Has me thinking about how a framework like this could be applied to Detection Engineering. https://t.co/mrctgLZcz5
github.blog
Developers can use their AI tool of choice for spec-driven development with this open source toolkit.
Not unexpected “Velociraptor incident response tool abused for remote access” https://t.co/TXZcTE49tR
news.sophos.com
This approach represents an evolution from threat actors abusing remote monitoring and management tools
wiz.io
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
😱 Imagine waking up to see all your private GitHub repositories were published publicly ... That's what happened overnight for >400 users/orgs and >5000 repositories. s1ngularity (the Nx supply chain attack) continues to bear fruit for attackers. Rotate ASAP!
The "Detection Engineering Field Manual" earned a spot on awesome-detection-engineering. This one's worth a read for both aspiring and experienced detection engineers alike. Looking forward to future posts. https://t.co/TdyDqgmwlW
https://t.co/x71xnRF3OL
🇻🇳 VNPT ( https://t.co/WFS8XBWNzt) victim of a #cyberattack around 15 April 2025. ⏭️ https://t.co/OIZudqzvVQ 👉 https://t.co/d8KqCPFg6c cc @ransomwaremap @cyber_etc
vietnamnet.vn
Hackers gain access to editorial systems, threatening news integrity and safety.
72 ⭐️ Rulehound is a comprehensive index and searchable repository of open-source threat detection rulesets across multiple security platforms 🛡️ to accelerate detection engineering workflows. @infosecb
https://t.co/e6cG63O8Wh
#starhistory #GitHub #OpenSource
Now I can finally say I've written about a topic Gartner, Forrester or @anton_chuvakin haven't covered before when it comes to #SIEM! https://t.co/T4RzbYy7ek
#DetectionEngineering
detect.fyi
What should drive picking one detection idea over another?
Sublime's email-specific threat detection ruleset is now available in Rulehound:
I wrote a post on #macOS internals for detection engineers! 🔎 In this post, I focus on versioning quirks, system logging, and the historical context of macOS security features. I'd love to do a series on this soon—focusing on how I learned ARM basics, and how folks from
Lastly, I’m looking to expand the ruleset sources. If you would like me to include one, please submit an issue.
Rulehound is nowhere near done. There are a few known bugs and most likely some issues that I wasn't able to identify during testing. Please submit any bugs you find in the Rulehound GitHub repo.
Why Rulehound? As Detection Engineers, we oftentimes turn to the amazing free and publicly available rulesets for inspiration when developing new content. Why reinvent the wheel when there’s already a blueprint? It’s a challenge to search across all the various rulesets for a