I built a portable SIEM detection toolkit that converts Sigma rules to Splunk, Elastic, and Kibana queries
dev.to
The problem

If you've ever tried to manage detection content across different SIEMs, you know the pain. Sigma rules live in one folder, your Sysmon config is somewhere else, Wazuh custom rules are in yet another directory, and none of it maps cleanly back to MITRE ATT&CK. Converting rules between SIEM formats usually means installing sigmac or setting up a whole pipeline just to get a Splunk query out of a YAML file. I'm a cybersecurity student and I got tired of this workflow in my
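As an added illustration of the Sigma-to-Splunk step the post describes (example code written for this page, not the toolkit's own), here is a minimal Python converter that turns one Sigma rule into an SPL search and pulls its ATT&CK technique IDs from the tags. The rule, the logsource-to-SPL-prefix mapping, and the function names are all constructed assumptions; the rule is shown as the dict `yaml.safe_load()` would produce.

```python
import re

# Constructed example rule, as the dict that yaml.safe_load() returns for a Sigma YAML file.
SIGMA_RULE = {
    "title": "Suspicious PowerShell Encoded Command",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe",
                      "CommandLine|contains": ["-enc", "-EncodedCommand"]},
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
    "tags": ["attack.execution", "attack.t1059.001"],
}
# Assumed mapping from Sigma logsource to a Splunk search prefix (Sysmon EventCode 1 = process creation).
LOGSOURCE_MAP = {("windows", "process_creation"):
                 'source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1'}

def _spl_clause(field, modifier, value):
    """Render one field/value pair as an SPL clause, turning Sigma modifiers into wildcards."""
    v = str(value).replace("\\", "\\\\").replace('"', '\\"')  # escape for a quoted SPL string
    wild = {"contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}"}
    return f'{field}="{wild.get(modifier, v)}"'  # unknown/no modifier falls back to exact match

def _block_to_spl(block):
    """Fields in a Sigma block are ANDed (implicit AND in SPL); a list of values for one field is ORed."""
    clauses = []
    for key, value in block.items():
        field, _, modifier = key.partition("|")
        parts = [_spl_clause(field, modifier, v) for v in (value if isinstance(value, list) else [value])]
        clauses.append(parts[0] if len(parts) == 1 else "(" + " OR ".join(parts) + ")")
    return " ".join(clauses)

def sigma_to_spl(rule):
    """Convert a rule whose condition combines named blocks with and/or/not into an SPL search."""
    det = rule["detection"]
    def render(match):
        word = match.group(0)
        if word in ("and", "or", "not"):
            return word.upper()
        if word == "condition" or word not in det:  # e.g. '1 of selection*' is not handled here
            raise ValueError(f"unsupported condition token: {word}")
        return "(" + _block_to_spl(det[word]) + ")"
    where = re.sub(r"\b\w+\b", render, det["condition"])
    prefix = LOGSOURCE_MAP[(rule["logsource"].get("product"), rule["logsource"].get("category"))]
    return f"{prefix} {where}"

def attack_techniques(rule):
    """Pull MITRE ATT&CK technique IDs (e.g. T1059.001) out of Sigma's attack.* tags."""
    return [t.split(".", 1)[1].upper() for t in rule.get("tags", [])
            if re.fullmatch(r"attack\.t\d{4}(\.\d{3})?", t)]
```

Running `sigma_to_spl(SIGMA_RULE)` yields a search that ANDs the selection fields, ORs the two CommandLine values, and negates the filter block, while `attack_techniques` returns the technique ID the rule maps to.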