Detection Rules
The built-in rule library.
Every Wardex release ships with curated YARA and Sigma detections covering initial access, execution, persistence, privilege escalation, credential access, discovery, lateral movement, C2, collection, exfiltration and impact. Browse, filter and copy — or fork the repo and contribute your own.
Contribute
Write once, ship to every deployment.
YARA rules
Add your rule to rules/yara/community.json, following the format of the existing entries. Wardex ships it to every customer on the next release.
Sigma rules
Drop a Sigma YAML rule into rules/sigma/ under the appropriate tactic file (credential-access, persistence, etc.). Wardex converts it to an internal AST at load time.
Open a PR
See CONTRIBUTING.md for the workflow. Rules are reviewed for false-positive risk and signed into the next tagged release.