From e6ea75ca735cdb0f332077ce0cf15345d2db435e Mon Sep 17 00:00:00 2001 From: Adam Lin Date: Sat, 16 May 2026 17:19:52 +0800 Subject: [PATCH] docs: add ATR (Agent Threat Rules) to the list of tools supporting Sigma Signed-off-by: Adam Lin --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f6c4db47e90..929de54576a 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ If you find a false positive or would like to propose a new detection rule idea * [AlphaSOC](https://docs.alphasoc.com/detections_and_findings/sigma_community/) - Leverages Sigma rules to increase coverage across all supported log sources * [alterix](https://github.com/mtnmunuklu/alterix) - Converts Sigma rules to the query language of CRYPTTECH's SIEM * [AttackIQ](https://www.attackiq.com/2024/01/10/sigmaiq-attackiqs-latest-innovation-for-actionable-detections/) - Sigma Rules integrated in AttackIQ's platform, and [SigmAIQ](https://github.com/AttackIQ/SigmAIQ) for Sigma rule conversion and LLM apps +* [ATR (Agent Threat Rules)](https://github.com/Agent-Threat-Rule/agent-threat-rules) - Open MIT-licensed detection rule format for AI agent security threats (prompt injection, tool poisoning, context exfiltration). Reference CLI exports ATR rules to Sigma format via `atr convert sigma`. * [Atomic Threat Coverage](https://github.com/atc-project/atomic-threat-coverage) (Since December 2018) * [AttackRuleMap - Mapping of Atomic Red Team tests and Sigma Rules](https://attackrulemap.com/) * [Confluent Sigma](https://github.com/confluentinc/confluent-sigma) - Kafka Streams supported Sigma rules