Phoenix Studio
Convert indexed Sigma rules into analyst-ready detections.
This studio is built around Phoenix's own rule corpus, not a blank editor. Search by title or rule id, choose a live sigma-cli backend, then reveal pipelines only when you actually need them.
Indexed Rules
3,707
Ready to search
Backends
17
Live from sigconverter.io
CLI Versions
10
Newest: 2.0.2
Translation Workspace
Shape the rule before it leaves Phoenix
Pick a Rule
Search Phoenix by Sigma title or id instead of pasting raw YAML.
Rule-first workflow
Start with a Sigma rule from Phoenix and keep the conversion surface focused on downstream detection logic.
Conversion Output
Select a Sigma rule to begin
The original Sigma YAML, translated query, and reproducible CLI command live here.
Translation controls
Adjust the rule on the left, then regenerate when you want a fresh backend-native query.
BackendSplunkFormatDefaultVersion2.0.2
Search for a rule on the left to load the studio.
CLI command
Copy the exact command to reproduce this translation locally.
Choose a rule to generate a reproducible sigma-cli command.