detflow: A Detection-Engineering Copilot You Can pip install

TL;DR 🚀 I shipped detflow to PyPI — an open-source, vendor-neutral detection-engineering...

domenica 7 giugno 2026 New tab

986 words~4 min read

TL;DR 🚀

I shipped detflow to PyPI — an open-source, vendor-neutral detection-engineering copilot. It does the four things I found myself re-implementing inside every detection-as-code workflow: draft a detection from plain English (as Sigma or Cortex XSIAM XQL), lint it offline, find overlaps against the rules you already run, and review it like a senior detection engineer. 🛡️

2 formats

draft & review in Sigma or Cortex XQL — one portable, one native

1 protocol

detflow: A Detection-Engineering Copilot You Can pip install

detflow: A Detection-Engineering Copilot You Can pip install

Other newsrooms on this story

Related reading

Airflow to the Rescue: How AI Powers Better DAG Failures

From Spec to PR: agentflow's Dynamic Multi-Agent Workflow for Claude Code

SpecFlow: Multi-Agent SDD in Cursor (4 phases, /approve, single code writer)

Introducing deepsec: The security harness for finding vulnerabilities in your…

Building filo-go: Reimagining Digital Forensics in Go

Running Karpathy's Autoresearch Loop on a T4 GPU inside Dataflow

Other newsrooms on this story

Related reading

Airflow to the Rescue: How AI Powers Better DAG Failures

From Spec to PR: agentflow's Dynamic Multi-Agent Workflow for Claude Code

SpecFlow: Multi-Agent SDD in Cursor (4 phases, /approve, single code writer)

Introducing deepsec: The security harness for finding vulnerabilities in your…

Building filo-go: Reimagining Digital Forensics in Go

Running Karpathy's Autoresearch Loop on a T4 GPU inside Dataflow