Hello LC community! I have something exciting to share with you.
I have just launched DetectionForge, a specialized environment for crafting, validating, and testing LimaCharlie detection rules.
What is DetectionForge?
DetectionForge is a comprehensive detection engineering platform built specifically for LimaCharlie. It streamlines the entire workflow from initial rule creation to historical validation using LC’s powerful replay capabilities.
Try it live: detectionforge.ddi.sh
Key Features
Rule Development & Testing:
- Advanced YAML editor with syntax highlighting and smart autocompletion
- Built-in unit testing framework with preset event samples
- Historical backtesting across multiple organizations using LC’s replay API
- Real-time validation against LimaCharlie rule schema
Workflow Enhancement:
- Event schema explorer to browse your organization’s telemetry structure
- Configuration management with backup/restore and bulk organization import
- Infrastructure as Code export with embedded unit tests
- Auto-draft system so you never lose your work
Production Ready:
- Cross-platform compatibility (works great on Safari too!)
- Secure memory-only credential storage
- Multi-organization support for enterprise environments
- Export rules ready for CI/CD deployment
Security First
DetectionForge uses a secure, memory-only approach - your API credentials and JWTs are never stored persistently and automatically clear when you close the browser. Perfect for security-conscious environments.
Why I Built This
As detection engineers, we often find ourselves jumping between multiple tools and interfaces to develop, test, and validate our detection logic. DetectionForge brings this entire workflow into a single, purpose-built environment that’s designed specifically for the LimaCharlie ecosystem.
Getting Started
- Visit detectionforge.ddi.sh
- Configure your LC credentials and organizations
- Start crafting and testing your detection rules!
The platform is completely free and open-source (AGPL v3). You can also run it locally if preferred.
What’s Next?
Future enhancements include:
- AI-powered rule generation and optimization
- Direct rule deployment to LC organizations
- Advanced analytics and detection effectiveness metrics
- Rule building wizard for guided detection creation
Community Driven
This is built for the security community, by the security community. I’d love to hear your feedback, feature requests, and contributions!
GitHub: Digital-Defense-Institute/lc-detectionforge
Give it a try and let me know what you think! Happy hunting! 
P.S. - If you find any bugs or have feature requests, please don’t hesitate to open an issue on GitHub. Your feedback helps make this tool better for everyone.