Metadata-Version: 2.1
Name: detectiq
Version: 0.1.47
Summary: A detection engineering workbench with LLM capabilities, including SigmaIQ features
Home-page: https://github.com/AttackIQ/DetectIQ
License: LGPL-2.1
Keywords: security,detection,sigma,yara,snort,llm
Author: AttackIQ
Author-email: rajesh.sharma@attackiq.com
Requires-Python: >=3.9,<=3.12
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Provides-Extra: elastic
Provides-Extra: microsoft
Provides-Extra: splunk
Requires-Dist: aiofiles (>=24.1.0,<25.0.0)
Requires-Dist: cryptography (>=42.0.5,<43.0.0)
Requires-Dist: dpkt (>=1.9.8,<2.0.0)
Requires-Dist: elasticsearch (>=8.0.0,<9.0.0) ; extra == "elastic"
Requires-Dist: faiss-cpu (>=1.9.0,<2.0.0)
Requires-Dist: idstools (>=0.6.5,<0.7.0)
Requires-Dist: importlib-resources ; python_version < "3.10"
Requires-Dist: keyring (>=25.5.0,<26.0.0)
Requires-Dist: langchain (>=0.3.7,<0.4.0)
Requires-Dist: langchain-community (>=0.3.7,<0.4.0)
Requires-Dist: langchain-core (>=0.3.17,<0.4.0)
Requires-Dist: langchain-openai (>=0.2.8,<0.3.0)
Requires-Dist: msal (>=1.31.1,<2.0.0) ; extra == "microsoft"
Requires-Dist: openai (>=1.54.4,<2.0.0)
Requires-Dist: pefile (>=2024.8.26,<2025.0.0)
Requires-Dist: plyara (>=2.1.1,<3.0.0)
Requires-Dist: pydantic (>=2.0.0)
Requires-Dist: pysigma (>=0.11.14,<0.12.0)
Requires-Dist: pysigma-backend-carbonblack (>=0.1.8,<0.2.0)
Requires-Dist: pysigma-backend-cortexxdr (>=0.1.4,<0.2.0)
Requires-Dist: pysigma-backend-crowdstrike (>=2.0.0,<3.0.0)
Requires-Dist: pysigma-backend-elasticsearch (>=1.1.2,<2.0.0)
Requires-Dist: pysigma-backend-insightidr (>=0.2.4,<0.3.0)
Requires-Dist: pysigma-backend-kusto (>=0.4.0,<0.5.0)
Requires-Dist: pysigma-backend-loki (>=0.12.0,<0.13.0)
Requires-Dist: pysigma-backend-netwitness (>=0.1.3,<0.2.0)
Requires-Dist: pysigma-backend-opensearch (>=1.0.2,<2.0.0)
Requires-Dist: pysigma-backend-qradar-aql (>=0.3.2,<0.4.0)
Requires-Dist: pysigma-backend-secops (==0.1.4)
Requires-Dist: pysigma-backend-sentinelone (>=0.1.3,<0.2.0)
Requires-Dist: pysigma-backend-splunk (>=1.1.0,<2.0.0)
Requires-Dist: pysigma-backend-stix2 (>=0.2.0,<0.3.0)
Requires-Dist: pysigma-pipeline-sysmon (>=1.0.4,<2.0.0)
Requires-Dist: pysigma-pipeline-windows (>=1.2.0,<2.0.0)
Requires-Dist: python-dotenv (>=1.0.1,<2.0.0)
Requires-Dist: python-magic (>=0.4.27,<0.5.0)
Requires-Dist: pyyaml (>=6.0,<7.0)
Requires-Dist: requests (>=2.32.3,<3.0.0)
Requires-Dist: ruamel-yaml (>=0.18.6,<0.19.0)
Requires-Dist: scapy (>=2.6.1,<3.0.0)
Requires-Dist: six
Requires-Dist: splunk-sdk (>=2.1.0,<3.0.0) ; extra == "splunk"
Requires-Dist: tiktoken (>=0.8.0,<0.9.0)
Requires-Dist: yara-python (>=4.5.1,<5.0.0)
Project-URL: Repository, https://github.com/AttackIQ/DetectIQ
Description-Content-Type: text/markdown

# DetectIQ
[![Python 3.9+](https://img.shields.io/badge/python-3.9+-blue.svg)](https://www.python.org/downloads/)
[![License: LGPL v2.1](https://img.shields.io/badge/License-LGPL_v2.1-blue.svg)](https://www.gnu.org/licenses/lgpl-2.1)
[![Status: Alpha](https://img.shields.io/badge/Status-Alpha-red.svg)]()

DetectIQ is an AI-powered security rule management library. It helps create, analyze, and optimize detection rules for various security platforms.

> ⚠️ **IMPORTANT DISCLAIMER**
> This project is a **Proof of Concept** and under active development. Expect bugs, breaking changes, and incomplete documentation. Not recommended for production use. Use at your own risk.

## Quickstart

1.  **Clone:** `git clone https://github.com/AttackIQ/DetectIQ.git && cd DetectIQ`
2.  **Configure:** Copy `.env.example` to `.env` and add your API keys (e.g., `OPENAI_API_KEY`).
3.  **Install:** `poetry install --all-extras` (recommended) or `pip install .`
4.  **Explore:** See the `examples/` directory and the [detailed documentation](docs/README.md).

## Key Features
*   AI-powered rule creation and optimization (OpenAI).
*   Integration with rule repositories (SigmaHQ, YARA-Forge, Snort3).
*   Static analysis of samples (malware, PCAPs) for rule generation context.
*   Multi-platform SIEM query translation.

For more details, see [documentation](docs/README.md).

## Road Map
Key areas of future development include support for custom/local LLMs, more SIEM integrations, and enhanced rule validation. See [issues](https://github.com/AttackIQ/DetectIQ/issues) for more.

## Using as a Package
Install from PyPI:
`pip install detectiq`

DetectIQ is primarily used as a Python library. For detailed usage patterns and code examples, please refer to the `examples/` directory and the main [documentation](docs/README.md).

## Environment Configuration
Configure via environment variables. Copy `.env.example` to `.env` and set your API keys. For full details, see the [documentation](docs/README.md).

## Development
This project uses a `Makefile` for common development tasks.
*   Install development dependencies: `poetry install --all-extras`. This pulls in the dev dependencies only if `pyproject.toml` is configured that way; otherwise install the dependency group explicitly, e.g. `poetry install --with dev`. Check the `Makefile` or `pyproject.toml` for the exact command.
*   View available commands: `make help`
*   Format code: `make format`
*   Run tests: `make test`

For publishing information, see [PUBLISHING.md](PUBLISHING.md).

## Contributing
1.  Fork the repository.
2.  Create a feature branch.
3.  Commit your changes.
4.  Push to the branch.
5.  Create a Pull Request.

## License
This project uses multiple licenses. The core project is licensed under LGPL v2.1. See the `LICENSE` file and notes on licenses for bundled rule sets within the [documentation](docs/README.md).

## Support & Community
*   Discussions: [SigmaHQ Discord](https://discord.gg/27r98bMv6c)
*   Issues: [GitHub Issues](https://github.com/AttackIQ/DetectIQ/issues)

## Acknowledgments
*   SigmaHQ Community
*   YARA-Forge Contributors
*   Snort Community
*   OpenAI

