ESLint for detection engineering

Score, lint and improve your Sigma, KQL and SPL detection rules.

Paste a rule. Get an instant quality scorecard — false-positive risk, MITRE ATT&CK coverage, lint findings, and an AI-generated fix with a diff you can ship.

20 free analyses / month · No credit card · Free forever for learners
Your Sigma rule
title: Suspicious PowerShell Download Cradle
logsource:
  product: windows
  category: process_creation
detection:
  selection:
    Image|endswith: '\\powershell.exe'
    CommandLine|contains:
      - 'DownloadString'
      - 'Invoke-WebRequest'
  condition: selection
level: high
DetectionLint scorecard
62 / 100
FP risk: 8/10
T1059.001
warning: broad-process-no-parent-filter
Matches powershell.exe without parent filter.
info: missing-attack-tag
Add `attack.t1059.001` to tags.
Supported
Sigma: Free + Pro
KQL: Pro
SPL (Splunk): Pro
YARA-L: Pro
EQL: Pro

Detection engineering, code-reviewed

Detection teams spend hours reviewing rule quality by hand. DetectionLint does it in seconds — and catches the patterns humans forget.

20 lint rules out of the box

Broad-process-no-parent-filter, unanchored regex, mutually-exclusive conditions — we check the patterns that actually flood your SOC.

AI false-positive scoring

Every rule gets an FP risk score 0–10 with reasoning. "Matches powershell.exe without parent filter — expect heavy false positives."

MITRE ATT&CK mapping

Auto-extract technique tags from your rule. Cross-reference against coverage gaps in your detection inventory.

AI "Suggest fix"

Click once. Get an improved version of your rule with a diff — addressing lint findings while preserving detection intent.

Public library of improved rules

Curated Sigma, KQL, SPL, YARA-L, and EQL rules from trusted upstream repos — each pre-scored for quality. Fork into your library with one click.

CI/CD GitHub Action

Fails the PR when detection rule quality regresses. Ship detections like you ship code — with a real quality gate.

A quality gate built for the way you already ship.

CI checks, public libraries, AI-assisted fixes — the modern detection engineer's working surface, in one tool.

01

Detection rules are code. Lint them like code.

You wouldn't merge a PR without ESLint. We bring the same rigor to Sigma, KQL, SPL, YARA-L, and EQL — automatic checks against the patterns that flood SOCs with false positives.

02

False-positive risk, scored before deploy

Every analysed rule comes back with an FP risk score 0–10 and human-readable reasoning. Catch the broad process_creation rule before it pages an analyst at 3am.

03

ATT&CK coverage you can actually defend

Auto-extract MITRE ATT&CK techniques from rule logic, then cross-reference your full library to see exactly where your coverage maps — and where it doesn't.

04

A quality gate, not just a one-shot tool

API, GitHub Action, public rule library, AI "Suggest fix". DetectionLint plugs into the way your detection engineers already ship — PRs, repos, CI.

Priced like ESLint, feels like a senior peer-review

Start free. Upgrade when you want AI-generated fixes or team features.

Free

For learning & one-off checks.

$0/mo
  • 20 rule analyses / month
  • All 20 lint rules
  • FP score + ATT&CK mapping
  • Public library access
  • Community support
Most popular

Pro

Solo detection engineers.

$15/mo
  • Unlimited rule analyses
  • 100 AI "Suggest fix" / mo
  • Private rule library
  • API access (100/day)
  • Email support

Team

Detection teams, 3+ people.

$39/seat/mo
  • Everything in Pro
  • Shared team library
  • Seat-based access controls
  • OIDC SSO (Google, GitHub)
  • Audit logs
  • 500 AI fixes / seat / mo

Enterprise

20+ engineers, compliance-heavy.

$799+ /mo
  • Everything in Team
  • On-prem rule pack export
  • Security questionnaire & whitepaper
  • Extended audit log retention
  • Custom ATT&CK taxonomy
  • Dedicated support

Ship detections like you ship code.

Start free. 20 analyses a month. No credit card. Upgrade when you want AI fixes or team features.