About
Detection engineering is the practice of building, testing, and maintaining the rules and logic that power security alerts. Done well, it is the difference between signal and noise. As AI and generative AI reshape the tooling available to defenders, organizations and teams need better capabilities and sharper insight to adapt.
Babels exists to make that practice more accessible. We build open-source tooling and publish what we learn to help cyber defense practitioners raise the quality of their detections and their methods, whether the topic is the Model Context Protocol (MCP), large language models, agents, or a fully AI-powered SOC.
Babels' work spans three areas:
- Tooling — open-source detection engineering solutions built on Elastic and SIGMA.
- AI Integration — LLM-powered workflows for analysts and engineers who want to convert, validate, and deploy rules conversationally, either with a local model or through an AI agent connected via MCP.
- Insight — curated news and thought pieces on detection engineering, at a frequency of your choosing. Coming soon via Articles.
GitHub
Babel is a detection engineering toolkit built on Elastic and SIGMA for cyber defense practitioners. It comes in two open-source editions; pick the one that fits your stack.
Babel — AI Edition
Babel AI integrates large language model (LLM) capabilities directly into the detection engineering workflow. It accelerates SIGMA rule development, threat triage, and log analysis by pairing Elastic with AI-assisted reasoning.
Babel AI includes an in-app assistant panel and also ships an MCP server, so analysts and engineers working inside an AI agent such as Claude can have that agent do real SIGMA work (convert, validate, test, and deploy rules) against an Elastic stack, conversationally or autonomously. Whatever agent drives the MCP server acts with the Elastic credentials the server holds, so scope those credentials to the indices and rule APIs the workflow actually needs.
Babel AI also supports local models, so you can plug the latest releases from Hugging Face or Ollama directly into your workflow and keep inference on-device.
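To make the convert, validate, and test steps described above (and in the AI Integration bullet) concrete, here is a self-contained Python example added for this page. It is not Babel's code and not the interface of its MCP server. It implements a deliberately small subset of the Sigma specification (map-style selections, the `contains`/`startswith`/`endswith` modifiers, and `and`/`or`/`not` conditions), renders a rule as an Elastic `query_string` expression, and then runs the same rule locally over constructed process-creation events so the logic can be checked before anything is deployed. The rule, the events, and every function name are constructed for the illustration; a production converter such as the Sigma project's pySigma covers far more of the specification.

```python
"""Sigma rule -> Elastic Lucene query_string, with validation and a local dry run.
Constructed example for this page; not Babel's code and not the API of its MCP server."""
import ast
import re

# Constructed Sigma rule, as a dict (its YAML form is equivalent).
RULE = {
    "title": "PowerShell Encoded Command",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe",
                      "CommandLine|contains": ["-enc", "-EncodedCommand"]},
        "filter": {"ParentImage|endswith": "\\known_agent.exe"},
        "condition": "selection and not filter",
    },
}
# Constructed process-creation events (field names follow the rule for brevity).
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -enc SQBFAFgA", "ParentImage": "C:\\Office\\WINWORD.EXE"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -EncodedCommand SQBFAFgA", "ParentImage": "C:\\Vendor\\known_agent.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd /c whoami", "ParentImage": "explorer.exe"},
]
WRAP = {"contains": "*{}*", "startswith": "{}*", "endswith": "*{}"}  # Sigma modifier -> Lucene wildcard
MATCH = {"contains": lambda a, w: w in a, "startswith": str.startswith, "endswith": str.endswith}
LUCENE_SPECIAL = re.compile(r'([+\-=&|!(){}\[\]^"~*?:\\/ ])')  # query_string characters to escape


def _vals(value):  # a list value in a selection means "any of these"
    return value if isinstance(value, list) else [value]

def validate(rule):
    """Checks a pipeline runs before conversion; an empty list means the rule passes."""
    det = rule.get("detection", {})
    names = {k for k in det if k != "condition"}
    problems = [f"missing field '{k}'" for k in ("title", "logsource", "detection") if k not in rule]
    problems += ["detection has no condition"] if "condition" not in det else []
    problems += [f"unknown selection '{t}' in condition"
                 for t in re.findall(r"\w+", det.get("condition", "")) if t not in ("and", "or", "not", *names)]
    problems += [f"{n}: unsupported modifier in '{key}'"
                 for n in names for key in det[n] if any(m not in WRAP for m in key.split("|")[1:])]
    return problems

def parse_condition(cond):
    """The and/or/not subset of Sigma's condition grammar is valid Python boolean syntax, so ast.parse
    (parse only, never eval) yields a tree; every other node type is rejected."""
    def conv(n):
        if isinstance(n, ast.Name):
            return ("sel", n.id)
        if isinstance(n, ast.UnaryOp) and isinstance(n.op, ast.Not):
            return ("not", conv(n.operand))
        if isinstance(n, ast.BoolOp):
            return ("and" if isinstance(n.op, ast.And) else "or", *[conv(v) for v in n.values])
        raise ValueError(f"unsupported condition syntax: {ast.dump(n)}")
    try:
        return conv(ast.parse(cond, mode="eval").body)
    except SyntaxError as exc:
        raise ValueError(f"cannot parse condition {cond!r}: {exc}") from None

def _term(key, value):
    """One field/value pair as a Lucene term; modifiers become wildcards around the escaped value."""
    field, *mods = key.split("|")
    term = LUCENE_SPECIAL.sub(r"\\\1", str(value))
    for mod in mods:
        term = WRAP[mod].format(term)
    return f"{field}:{term}"

def _render(node, det):
    """AST -> Lucene string; everything is parenthesized because query_string precedence surprises people."""
    kind, *args = node
    if kind == "sel":  # all keys of a selection must match; a list value is an OR of its entries
        return "(" + " AND ".join("(" + " OR ".join(_term(k, v) for v in _vals(val)) + ")"
                                  for k, val in det[args[0]].items()) + ")"
    if kind == "not":
        return f"(NOT {_render(args[0], det)})"
    return "(" + f" {kind.upper()} ".join(_render(a, det) for a in args) + ")"

def convert(rule):
    """Validate, parse, and render the rule as an Elastic query_string expression."""
    if problems := validate(rule):
        raise ValueError("; ".join(problems))
    return _render(parse_condition(rule["detection"]["condition"]), rule["detection"])

def _match(key, value, event):
    """Sigma string matching is case-insensitive; a missing field is compared as ''."""
    field, *mods = key.split("|")
    actual, want = str(event.get(field, "")).lower(), str(value).lower()
    return MATCH.get(mods[0] if mods else "", str.__eq__)(actual, want)

def _evaluate(node, det, event):
    kind, *args = node
    if kind == "sel":
        return all(any(_match(k, v, event) for v in _vals(val)) for k, val in det[args[0]].items())
    if kind == "not":
        return not _evaluate(args[0], det, event)
    return (all if kind == "and" else any)(_evaluate(a, det, event) for a in args)

def dry_run(rule, events):
    """Run the rule locally over sample events; returns the indices that would alert."""
    det, tree = rule["detection"], parse_condition(rule["detection"]["condition"])
    return [i for i, ev in enumerate(events) if _evaluate(tree, det, ev)]
```

`convert(RULE)` yields `(((Image:*\\powershell.exe) AND (CommandLine:*\-enc* OR CommandLine:*\-EncodedCommand*)) AND (NOT ((ParentImage:*\\known_agent.exe))))`, and `dry_run(RULE, EVENTS)` returns `[0]`: the first event alerts, the second is suppressed by the filter, the third never matches. Two design points matter in practice. The condition is parsed with Python's `ast` module rather than `eval`, because the and/or/not subset of Sigma's grammar happens to be valid Python boolean syntax; anything outside that subset (`1 of them`, aggregation pipes) is rejected instead of executed. And the local dry run compares raw field values case-insensitively, as Sigma specifies, whereas in Elastic the generated wildcards should target `keyword` fields rather than analyzed `text` fields, or the deployed query will not behave like the local test. That gap between "converted" and "actually fires on real telemetry" is exactly what the test step before deploy is for.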
View Babel AI on GitHub →
Babel — Standard Edition
Babel Standard is a detection engineering pipeline built on Elastic with no AI dependencies. It provides a structured approach to ingesting, normalizing, and alerting on security telemetry — giving analysts full control over their detection stack using proven, auditable tooling.
View Babel on GitHub →
Special Thanks
Babels integrates several technologies to build its solutions. Thank you to the following organizations and communities:
- Anthropic — AI-assisted coding with Claude, safety research, and the Claude models and integrations powering Babel AI
- Security Onion — threat hunting and network visibility platform
- GrassMarlin — passive network mapping for ICS/SCADA environments
- Elastic — the search and observability engine at the core of Babel
- SIGMA HQ — the open standard for detection rules
- Ollama — local LLM runtime for running models on-device
- Hugging Face — open-source models and datasets powering AI research
- Carlos Delgado — background photography, via Unsplash
Articles
Coming soon. We are planning to curate and write thought pieces and news on detection engineering, with a one-click subscription.
Contact