Detection Engineering Python Packages

agentic-threat-hunting-framework

ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.

txt2detection

A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.

detect-droid

A pySigma wrapper to manage detection rules.

iocx

An extensible, deterministic static‑analysis engine that extracts high‑signal IOCs from PE binaries and text, built for SOC automation and modern threat‑analysis pipelines.

hushspec

Portable security rules for the action boundary of AI agents

esxi-testing-toolkit

🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.