ATT&CK Rule Map

ATT&CK Rule Map (attackrulemap.com) is a reference tool that maps MITRE ATT&CK techniques to detection rules from two major sources: Sigma and Splunk. The platform provides a structured, searchable table that correlates Atomic Red Team test cases (identified by ATT&CK Technique IDs and GUIDs) with corresponding Sigma detection rules and Splunk detection rules, enabling security teams to understand which detection logic exists for specific adversary techniques. The tool draws on the Atomic Red Team project (atomicredteam.io) for its catalog of attack simulations, and links directly to the SigmaHQ GitHub repository and Splunk's research portal for the associated detection rules. Users can filter the mapping by Sigma rules, Splunk rules, or a combination of both, and can export results as JSON or view them in the ATT&CK Navigator format. The platform covers a wide range of ATT&CK techniques across multiple platforms including Windows and Linux, with entries spanning credential dumping, defense evasion, execution, and other tactic categories. Each row in the table identifies the technique ID, the specific atomic attack test name, the target platform, and the relevant detection rules. ATT&CK Rule Map serves as a free, community-oriented reference resource primarily useful for detection engineers, threat hunters, and blue team practitioners who need to quickly identify existing detection coverage for known attack techniques and validate or improve their SIEM rule sets.