Now live — free tier, no credit card

ESLint for detection engineering

Paste a Sigma, KQL, SPL, or YARA-L rule. Get an instant quality scorecard: false-positive risk, SIEM performance cost, MITRE ATT&CK coverage, lint findings, and an AI-generated fix.

20 free analyses/month · No credit card · Free forever for learners
Your Sigma rule
title: Suspicious PowerShell Download Cradle
logsource:
  product: windows
  category: process_creation
detection:
  selection:
    Image|endswith: '\\powershell.exe'
    CommandLine|contains:
      - 'DownloadString'
      - 'Invoke-WebRequest'
  condition: selection
level: high
DetectionLint scorecard
62 / 100
FP risk: 8/10
T1059.001
warning: broad-process-no-parent-filter
Matches powershell.exe without parent filter.
info: missing-attack-tag
Add `attack.t1059.001` to tags.

Supported
  • Sigma: Free + Pro
  • KQL: Pro
  • SPL (Splunk): Pro
  • YARA-L: Pro

Detection engineering, code-reviewed

Detection teams spend hours reviewing rule quality by hand. DetectionLint does it in seconds — and catches patterns humans forget.

20 lint rules out of the box

Broad-process-no-parent-filter, unanchored regex, mutually-exclusive conditions — we check the patterns that actually flood your SOC.
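The two findings in the scorecard above can be reproduced with a short check. This is an added example, not DetectionLint's own code: the matching logic is an assumption about what each finding means, the rule is the page's Sigma rule as a YAML parser would load it, and the revised rule with its parent exclusion is constructed.

```python
import re

PARENT_FIELDS = {"ParentImage", "ParentCommandLine"}

def field_names(item):
    """Field names used in one detection item (a map or a list of maps), modifiers stripped."""
    maps = item if isinstance(item, list) else [item]
    return {key.split("|")[0] for m in maps if isinstance(m, dict) for key in m}

def lint(rule):
    """Return (severity, finding-id) pairs for the two checks shown in the scorecard."""
    findings = []
    detection = rule.get("detection", {})
    condition = str(detection.get("condition", ""))
    used = set(re.findall(r"[A-Za-z_][A-Za-z0-9_]*", condition))
    # Only items the condition references by name can narrow the match
    # (wildcard conditions such as "1 of selection*" are not handled here).
    fields = set()
    for name, item in detection.items():
        if name != "condition" and name in used:
            fields |= field_names(item)
    is_proc = rule.get("logsource", {}).get("category") == "process_creation"
    if is_proc and "Image" in fields and not fields & PARENT_FIELDS:
        findings.append(("warning", "broad-process-no-parent-filter"))
    tags = rule.get("tags") or []
    if not any(re.fullmatch(r"attack\.t\d{4}(\.\d{3})?", t.lower()) for t in tags):
        findings.append(("info", "missing-attack-tag"))
    return findings

# The page's rule, as a YAML parser would load it.
PAGE_RULE = {
    "title": "Suspicious PowerShell Download Cradle",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": r"\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "Invoke-WebRequest"],
        },
        "condition": "selection",
    },
    "level": "high",
}

# Constructed revision: the tag the scorecard asks for plus a hypothetical parent exclusion.
REVISED = dict(PAGE_RULE, tags=["attack.t1059.001"])
REVISED["detection"] = dict(
    PAGE_RULE["detection"],
    filter_parent={"ParentImage|endswith": r"\\example-mgmt-agent.exe"},  # placeholder name
    condition="selection and not filter_parent",
)
```

A parent filter that is defined but never named in `condition` does not clear the warning, since it never narrows what the rule matches.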

AI false-positive scoring

Every rule gets an FP risk score 0–10 with reasoning. "Matches powershell.exe without parent filter — expect heavy false positives."

MITRE ATT&CK mapping

Auto-extract technique tags from your rule. Cross-reference against coverage gaps in your detection inventory.

AI "Suggest fix"

Click once. Get an improved version of your rule with a diff — addressing lint findings while preserving detection intent.

Public library of improved rules

Curated Sigma, KQL, SPL, and YARA-L rules from trusted upstream repos — each pre-scored for quality. Fork into your library with one click.

CI/CD integration

GitHub Action that fails the PR when detection rule quality regresses. Ship detections like you ship code.

Priced like ESLint, feels like a senior peer-review

Start free. Upgrade when you want AI-generated fixes or team features.

Free

For learning & one-off checks.

$0/mo
  • 20 rule analyses / month
  • All 20 lint rules
  • FP score + ATT&CK mapping
  • Public library access
  • Community support

Pro

Solo detection engineers.

$15/mo
  • Unlimited rule analyses
  • 100 AI "Suggest fix" / mo
  • Private rule library
  • API access (100/day)
  • Email support

Team

Detection teams, 3+ people.

$39/seat/mo
  • Everything in Pro
  • Shared team library
  • CI/CD integration
  • Slack + GitHub app
  • SSO (SAML, OIDC)
  • 500 AI fixes / seat / mo

Enterprise

20+ engineers, compliance-heavy.

$799+ /mo
  • Everything in Team
  • On-prem lint rule packs
  • SOC 2 report
  • Audit logs
  • Custom ATT&CK taxonomy
  • Dedicated support

Ship detections like you ship code.

Start for free. 20 analyses a month. No credit card.
