Rule Tuning Lab
Detection tuning lab — measures false-positive rate, precision, and noise grade per detection rule, then suggests tuning improvements based on labeled log samples.
Provide YAML rule definitions plus labeled log samples (noisy + clean), and the tool evaluates each rule's precision, false-positive rate, and noise grade. Suggests concrete tuning improvements (narrower regex, time-window adjustments, suppression filters) prioritized by impact.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Exploitation Visibility (Security project · Demo ready)
Detection engineering lab — compares expected attack signals against collected logs to surface visibility gaps and prioritize new detection rules.
- Custom IDS Script (Security project · Demo ready)
Lightweight rule-based Linux intrusion detection — evaluates YAML rules against auth.log, syslog, and shell history to emit terminal, Markdown, and JSON alerts.
- Beaconing Traffic Detector (Security project · Demo ready)
Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
- Port Scan Lab (Security project · Demo ready)
Detection lab for identifying Nmap-style port scan and reconnaissance activity from firewall logs.
- SOC Simulation Lab (Security project · Demo ready)
End-to-end SOC workflow simulator — maps attack scenarios to collected logs, runs detections, and identifies visibility gaps, so analysts can practice triage and detection engineering.