Zircolite

SIEM & Threat Detection

A standalone Python tool that applies SIGMA detection rules to diverse log formats including EVTX, Auditd, Sysmon for Linux, CSV, XML, and JSON logs.

Python · Latest release v3.7.6 · 4 days ago

Features

  • Automatic log type detection via magic bytes, content analysis, and regex fallback
  • Supports multiple input formats (EVTX, JSON Lines/Array, CSV, XML) with archive handling
  • Native Sigma rule support using pySigma conversion
  • SQLite‑backed SIGMA backend for efficient rule application
  • Custom field transforms (e.g., Base64 decoding) and flexible export via Jinja templates

Recent releases

15 releases in total; the most recent:

  • v3.7.6 (Maintenance, no immediate action): Multi‑stage Docker build
  • v3.7.5 (Bug fix, no immediate action): Performance improvements
  • v3.7.1 (New feature, review required): Template append flag
  • v3.7.0 (New feature, no immediate action): Graceful Ctrl+C shutdown
  • v3.6.3 (Bug fix): A patch to the streaming module fixes a runtime error, improving reliability for data pipelines that process continuous streams.

About

  • Stars: 822
  • Forks: 114
  • Languages: Python, Go Template, Dockerfile

Install & Platforms

  • Install via: pip
  • Platforms: linux, macos, arm64