Thank you for your interest in contributing to this project!
We welcome high‑quality contributions that improve the functionality, documentation, detection rules, scenarios, and overall quality of the repository.
You may contribute in several ways:
- Code Contributions
- Detection Rules
- Documentation
- Issues & Suggestions
Before submitting a Pull Request, please open an issue describing:
- What you want to add or fix
- Why it is needed
- How you plan to implement it
This helps maintain project structure and prevents duplicate work.
Create your own fork and work on a dedicated branch:
- feature/my-new-feature
- fix/bug-description
- rule/sigma-rule-name
- Keep code clean, readable, and well‑commented
- Follow Python best practices (PEP8 recommended)
- Use meaningful filenames and commit messages
- Avoid breaking existing functionality
- Include MITRE ATT&CK technique IDs
- Add clear descriptions and references
- Test rules on sample logs if possible
- Follow Sigma/YARA/Suricata syntax standards
- Include examples, screenshots, or logs when helpful
- Keep formatting consistent
- Ensure your branch is up to date with main
- Submit a PR with a clear title and description
- Link the related issue (required)
- The maintainer will review your PR
- Requested changes (if any) must be completed
- Once approved, your PR will be merged
By contributing, you agree to follow the project’s Code of Conduct.
Respectful and professional communication is expected at all times.
By submitting a contribution, you agree that your work will be licensed under the project’s license:
For full license details, see LICENSE.
Your contributions help improve this project and support the cybersecurity community.
We appreciate your time, effort, and expertise.