Sigma to KQL Converter
Paste a Sigma detection rule and get a Microsoft Sentinel / Defender KQL query back — instantly, right in your browser. Nothing is uploaded: the conversion runs entirely client-side, so your rules never leave your machine. It handles the common, high-frequency subset of the Sigma spec (logsource → table mapping, field/value matching, modifiers, and condition logic including 1 of/all of quantifiers) and is honest about its limits — anything it can't translate is flagged, never silently dropped.
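
The subset described above (logsource to table mapping, modifiers, list values, and 1 of/all of conditions), sketched as an added example that is not this converter's own code. The table and field mappings (DeviceProcessEvents, FolderPath, ProcessCommandLine), the __UNTRANSLATED__ marker and the sample rule are assumptions made for the illustration; the rule is passed in already parsed from YAML.

```javascript
// Added example, not the converter's own code. Table and field maps are assumptions.
const TABLES = { __proto__: null, 'windows/process_creation': 'DeviceProcessEvents' };
const FIELDS = { __proto__: null, Image: 'FolderPath', CommandLine: 'ProcessCommandLine' };
const OPS = { __proto__: null, '': '=~', contains: 'contains', startswith: 'startswith', endswith: 'endswith' };
const FLAG = '__UNTRANSLATED__'; // deliberately invalid KQL, so it cannot run unreviewed
const quote = (v) => '"' + String(v).replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';

// One "Field|modifier: value(s)" entry. List values are ORed, or ANDed with |all.
function fieldExpr(key, value, notes) {
  const [name, ...mods] = key.split('|');
  const rest = mods.filter((m) => m !== 'all');
  const mod = rest[0] || '';
  if (rest.length > 1 || !(mod in OPS)) { notes.push(`unsupported modifier: ${key}`); return FLAG; }
  if (!(name in FIELDS)) notes.push(`unmapped field kept as-is: ${name}`);
  const parts = [].concat(value).map((v) => `${FIELDS[name] || name} ${OPS[mod]} ${quote(v)}`);
  return parts.length > 1 ? `(${parts.join(mods.includes('all') ? ' and ' : ' or ')})` : parts[0];
}
// A selection is a map of field entries, ANDed together.
const selectionExpr = (sel, notes) =>
  '(' + Object.entries(sel).map(([k, v]) => fieldExpr(k, v, notes)).join(' and ') + ')';

function convert(rule) {
  const notes = [];
  const { condition, ...sels } = rule.detection;
  const names = Object.keys(sels);
  const table = TABLES[`${rule.logsource.product}/${rule.logsource.category}`] || FLAG;
  if (table === FLAG) notes.push('unmapped logsource');
  // Single pass over the condition, so text already emitted is never rescanned.
  const where = condition.replace(/\b(1|all) of ([\w*]+)|\b\w+\b/g, (word, q, pat) => {
    if (['and', 'or', 'not'].includes(word)) return word;
    const hits = !q ? names.filter((n) => n === word) : names.filter((n) =>
      pat === 'them' || (pat.endsWith('*') ? n.startsWith(pat.slice(0, -1)) : n === pat));
    if (!hits.length) { notes.push(`unknown condition term: ${word}`); return FLAG; }
    const joined = hits.map((n) => selectionExpr(sels[n], notes)).join(q === '1' ? ' or ' : ' and ');
    return hits.length > 1 ? `(${joined})` : joined;
  });
  return { kql: `${table}\n| where ${where}`, notes };
}

// Constructed sample rule, as the object a YAML parser would produce.
const SAMPLE = {
  logsource: { product: 'windows', category: 'process_creation' },
  detection: {
    selection_img: { 'Image|endswith': '\\powershell.exe' },
    selection_cli: { 'CommandLine|contains': ['-enc', '-EncodedCommand'] },
    filter: { 'ParentImage|re': 'sccm' },
    condition: 'all of selection_* and not filter',
  },
};
```

convert(SAMPLE) returns the query together with a notes array; the |re filter is reported there and leaves __UNTRANSLATED__ in the where clause instead of disappearing from it.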
This converter is a starting point, not a substitute for review. Always validate field names and table mappings against your own schema before deploying a query to production.