
Releases: rulezet/rulezet-core

rulezet-core v1.4.2 — Sharper UI, Smarter Integrations

16 Apr 08:17


Released on 2026-04-16

This release brings a redesigned home experience with an interactive carousel and a dedicated CVE intelligence section. The highlight of this version is a deep expansion of MISP integration — Rulezet now ships two brand-new MISP object templates (rulezet-metadata and rulezet-bundle) contributed to the MISP objects repository (https://github.com/MISP/misp-objects), enabling rich, structured threat intelligence sharing directly from the platform. Stability has also been significantly improved across STIX, toaster notifications, and the update pipeline.

Features

  • New MISP object templates — two new templates contributed to the official MISP Objects repository:
    • rulezet-metadata — captures all rule metadata (title, format, author, version, CVE IDs, license, source, votes, timestamps) as a structured MISP object
    • rulezet-bundle — captures bundle-level metadata as a dedicated MISP object, enabling bundle sharing in MISP ecosystems
  • Rule MISP export — object or full event — rules can now be exported in two modes:
    • Object mode — returns a list of MISP objects including rulezet-metadata, the format-specific content object (YARA, Sigma, Suricata…), CVE vulnerability attributes, and associated tags
    • Event mode — wraps everything into a full MISP event with cross-object references, tag annotations, and vulnerability relationships ready to push to any MISP instance
  • Bundle MISP event export — bundles can now be exported as a complete MISP event containing the rulezet-bundle object, all associated rules as individual MISP objects, their CVEs, and their tags — making bundle-level threat intel sharing a first-class feature
  • CVE section on home — new dedicated section surfacing the most recent CVE-linked rules directly on the homepage
  • UUID redirect — rules and bundles can now be accessed directly by UUID or ID via clean redirect URLs
  • Copy button — one-click copy added across rule content views

Fixes

  • STIX fetch — resolved multiple consecutive failures when fetching STIX representations of rules (5 successive fixes stabilizing the pipeline)
  • Edit page — formats list was not loading correctly, now fixed
  • MISP object — fixed attribute type resolution issues with newer PyMISP template versions; objects now explicitly declare attribute types to remain compatible across PyMISP versions
  • Toaster — replaced display-only toast with proper create_message calls; unified flash and toast styling
  • Vue app — toaster system rebuilt inside the Vue app for consistent notification handling
  • Migration — added guards to prevent migration failures on already-applied changes
  • Update pipeline — multiple bug fixes in the rule update flow
  • UI polish — minor interface corrections across several views

Improvements

  • Home carousel — full carousel redesign with smooth slide transitions, drag support, and responsive breakpoints
  • Proposal UI — edit proposal page overhauled for better readability and workflow
  • Toggle theme — new dark/light mode toggle with improved UX
  • Like/Dislike performance — vote processing time reduced from ~5s to ~1s
  • UI imports — migrated to {% block head %} for stylesheet injection

Security

  • Migration protections — stricter guards on database migration execution to prevent unintended schema changes in production

The diagram below shows the structure of the MISP integration introduced in this release.

Hackathon Luxembourg 2026

A big thank you to everyone I had the chance to meet and exchange with at the Hackathon Luxembourg 2026 this week. The conversations were incredibly stimulating and directly shaped several ideas that made it into this release and into the roadmap. Thank you for your energy, your proposals, and your feedback — the community is what makes this project move forward.

Rulezet at FIRST CTI 2026

Next week, Rulezet will be presented at the FIRST CTI 2026 conference in the session:

Collaborative Detection Engineering with Rulezet

Come say hello if you are attending — looking forward to sharing what we have built and hearing your thoughts in person.

Full Changelog

Full Changelog: v1.4.1...v1.4.2

Rulezet v1.4.1 - Core Update

27 Mar 11:08


This report summarizes the recent updates and improvements for the Rulezet project, leading up to version 1.4.1.

New Features

  • Pagination: Added pagination to the rule set lists to improve loading speed and navigation.

Improvements & Changes

  • Filter UI: Added a "collapse" feature to filters to save screen space.

  • Bad Rule Section: Improved the filtering options within the "bad rule" section.

  • User Interface: Updated the design of the user detail pages and user lists.

Bug Fixes

  • Tag Filtering: Fixed an issue where tags did not work correctly with URL filters.

  • Yara & API: Fixed the Yara script logic and corrected errors in the API creation process.

  • General Fixes: Resolved various issues in the project requirements and installation scripts.

Road to FIRST CTI 2026

The Rulezet project will be presented at the FIRST CTI 2026 conference, where I will provide more technical details. This 1.4.1 release aims to finalize as many features as possible before the presentation. Additionally, I have created a diagram showing how Rulezet integrates with other CIRCL tools, thanks to the teams' support.


Co-funded by the European Union and CIRCL. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the granting authority can be held responsible for them.

This repository is part of the NGSOTI project. Project: 101127921 NGSOTI DIGITAL‑ECCC‑2022‑CYBER‑03

Full Changelog: v1.4.0...v1.4.1

Rulezet v1.4.0 — Taxonomy, Precision, and Advanced Discovery

11 Feb 17:12


Version 1.4.0 is a milestone update that transforms how intelligence is categorized and retrieved within Rulezet. By placing Tags and Taxonomies at the heart of the ecosystem, this release empowers users with granular control over their data. From private custom tagging to a revolutionary filtering engine, v1.4.0 ensures that finding the right rule is no longer a search—it’s a precision operation.

On the administrative side, we’ve introduced robust tools for visibility control and system resilience, including a new backup architecture and CVE sanitization to maintain data integrity across the platform.

Online version available at rulezet.org

Release Notes - v1.4.0

New Features

  • Centralized Tagging System: Comprehensive support for attaching tags and specific Vulnerabilities (CVEs) directly to both individual rules and bundles.

  • MISP Taxonomy Integration: Full integration of MISP taxonomies, allowing users to leverage industry-standard classification frameworks.

  • Custom User Tags: Users can now create Private Tags for personal organization. These are visible only to the creator and platform administrators.

  • Advanced Discovery Engine: A powerful new filtering system allowing users to search by:

    • License type, Tags, and Taxonomies.

    • Source, Format, and Date ranges.

    • Full-text search (Title, Content, or Global).

  • Dynamic Bundle Creation: Capability to generate new bundles instantly based on active filter results.

  • Multi-Format Export: New "Download from Filter" feature supporting JSON exports or structured folder downloads.

  • Admin Visibility Control: Administrators can now toggle the global visibility of specific tags to keep the public interface clean.

  • Admin Backup System: A new dedicated backend system for automated and manual platform backups.

Improvements

  • CVE Sanitization: Implementation of a normalization engine to fix inconsistent CVE typos and formats, ensuring a "single source of truth" for vulnerabilities.

  • Component-Based Architecture: Migrated repetitive UI elements (like tag displays and rule cards) to Vue.js components, significantly increasing interface fluidity and maintainability.

  • Enhanced Pagination: Optimized data loading for large collections to ensure smooth browsing.

  • Taxonomy Standardization: Updated all internal labels and typographies to meet professional intelligence standards.

Bug Fixes

  • Tag Collision: Resolved issues where overlapping tags caused filtering errors.

  • Search Latency: Fixed performance bottlenecks when querying large datasets with multiple active filters.

  • UI Consistency: General fixes for responsive layouts and component rendering across different browsers.

Images

  • Interface Discovery & Filters
  • MISP Taxonomy & Tags
  • Rule & Bundle Management
  • Advanced Export & Bundling

Note: With the introduction of Vue.js components, Rulezet 1.4.0 offers a much snappier feel. Check out the new "Private Tags" in your profile settings to start organizing your personal workflow!

Funding

Rulezet is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

Release Notes - v1.3.0

03 Feb 07:40


Rulezet v1.3.0 — Structure, Collaboration, and Intelligence

Version 1.3.0 marks a major step forward for Rulezet, focusing on better structure, richer collaboration, and smarter rule intelligence. This release introduces a new way to organize and manage rule bundles, a more capable rule editor, and the first set of social features to support discussion and feedback around shared content. Rulezet.org is the publicly accessible, online version of the platform, available to everyone without restriction.

On the intelligence side, v1.3.0 lays the groundwork for higher-quality rule ecosystems with a new similarity engine to detect duplicates and assess overlap between rules, helping users keep their collections clean and meaningful. Administrative workflows are also strengthened with improved tag management and the first integration points with MISP taxonomies.

Alongside these features, the interface has been significantly refreshed and core back-end mechanisms optimized to deliver a faster, smoother experience. As always, several long-standing issues have been fixed to improve stability and reliability across the platform.

Release Notes - v1.3.0

New Features

  • Bundle Management: Implementation of a new system for bundle organization and management.

  • Rule Editor: New editor functionality for managing folders and files within rules.

  • Social Features: Added a comment system for bundles, including reactions such as likes and dislikes.

  • Similarity Engine: New system to detect duplicate content and compare similarity scores between rules.

  • Tag Management: New management interface for tags (restricted to administrators).

  • MISP Integration: Linked MISP taxonomies to Rulezet (tagging support to be added in a future release).

Improvements

  • User Interface: Significant overhaul of the interface design.

  • Backend Performance: Core changes to the update system to improve overall speed and efficiency.

Bug Fixes

  • Rule Import: Fixed issues occurring during the rule import process.

  • UI Maintenance: General interface bug fixes and optimizations.


New Rulezet version v1.2.0

19 Dec 13:31


🚀 Rulezet Release Notes - v1.2.0

We are excited to announce the release of Rulezet 1.2.0. This version introduces significant performance and architectural changes, a complete UI overhaul, and enhanced security features.

⚡ Core Engine & Performance

New Asynchronous Import System

The import engine has been completely rewritten to support multi-threading and async operations.

  • Speed: Significant reduction in processing time for large datasets.
  • UX: Added a real-time Progress Bar and a dedicated Import Monitoring Section to track active tasks.

Advanced Rule Parsing

  • Implemented a high-performance parser that drastically reduces False Positives.
  • Improved syntax validation during the compilation phase to ensure data integrity.

🛠 Rule Management & Updates

Flexible Import Sources

You are no longer limited to GitHub. You can now create rules by importing:

  • Local Folders
  • ZIP Archives

History Overview


Intelligent Update System

A new approach to rule synchronization and state management:

  • Smart Detection: Automatically identifies new rules and status changes (Found Update, Syntax Valid).

  • Safety First: The update pipeline now includes a Syntax & Compilation Validator to prevent "bad rules" from entering the production environment.

  • Diff Engine Fix: Resolved rendering issues when comparing rule versions. The history view now accurately displays differences using a dedicated diff library.


🛡 Security & API Enhancements

Strengthened Security

  • Password Policy: Introduced a new "Strong Password" system with additional complexity constraints.
  • Validation Fixes: Patched several bypass vulnerabilities in the update process.

API & Connectivity

  • Vulnerability Lookup: New API methods to link CVEs directly with documentation via CIRCL Vulnerability Lookup.
  • JSON Export: New endpoint to retrieve all rules in JSON format for external analysis.

🎨 UI/UX & Gamification

The "New Look"

The interface has been redesigned for clarity and speed:

  • New Components: Redesigned Home, Rule List, Rule Detail, and Sidebar.
  • Navigation: Integrated a global Search Bar in the Navbar and a new Notification System.
  • Visual Polish: Added smooth animations for likes/stars and Christmas decorations 🎄 to celebrate the season!
  • Performance: Faster rendering with visible loading states to improve perceived speed.

Playground & Community

  • Gamification: A new "Play Zone" where users earn points and badges.

  • Global Ranking: Compete with others in the world leaderboard.

  • Bundles: You can now "Like" rule bundles.


Documentation & On-boarding

  • Project Hub: A new section explaining the project, including technical formats and .rule syntax documentation.

🔧 Bug Fixes & Improvements

  • Fixed validation bypass during rule updates.
  • Optimized data organization for better codebase maintainability.
  • Fixed UI rendering glitches in the history comparison view.

New Contributors and Acknowledgment

A huge thank you to all the participants in the first workshop at hack.lu 2025.

We will be at the FIRST CTI conference in April 2026 with a new workshop.

Co-funded by the European Union and CIRCL. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the granting authority can be held responsible for them.

This repository is part of the NGSOTI project. Project: 101127921 NGSOTI DIGITAL‑ECCC‑2022‑CYBER‑03


Full Changelog: v1.1.0...v1.2.0

Update rule class v1.1.0

19 Sep 09:44
69d1e0b


Release 1.1.0

In this release, the entire rule processing system has been redesigned and improved.
We have introduced a new, modular architecture based on an abstract base class RuleType, allowing the creation of multiple rule formats in a consistent and maintainable way. Each rule format now implements the required methods for validation, metadata parsing, file extraction, and rule retrieval.

Key Changes

  • New Architecture for Rule Processing
    All rule formats now inherit from the abstract class RuleType, which defines the contract for:

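    from abc import ABC, abstractmethod
    from dataclasses import dataclass, field
    from typing import Any, Dict, List, Optional

    @dataclass
    class ValidationResult:
        """Class for keeping information if a rule is valid or not."""
        ok: bool
        errors: List[str] = field(default_factory=list)
        warnings: List[str] = field(default_factory=list)
        normalized_content: Optional[str] = None

    class RuleType(ABC):
        """Contract that every rule format implements."""

        # Name of the rule format handled by this class.
        @property
        @abstractmethod
        def format(self) -> str:
            ...

        # Validation of a rule's content.
        @abstractmethod
        def validate(self, content: str, **kwargs) -> ValidationResult:
            ...

        # Metadata parsing.
        @abstractmethod
        def parse_metadata(self, content: str, **kwargs) -> Dict[str, Any]:
            ...

        # File extraction: rule files found in a repository directory.
        @abstractmethod
        def get_rule_files(self, repo_dir: str) -> List[str]:
            ...

        # Individual rules contained in one file.
        @abstractmethod
        def extract_rules_from_file(self, filepath: str) -> List[str]:
            ...

        # Rule retrieval from a repository.
        @abstractmethod
        def find_rule_in_repo(self, repo_dir: str, rule_id: int) -> str:
            ...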
  • New Formats Added
    In addition to the existing formats, this release introduces:

    • crs format
    • elastic format
    • nova format

    These new formats follow the same RuleType interface, making it easy to add even more formats in the future.

  • API Updates
    The API has been updated to handle these new formats seamlessly, including creation, validation, and retrieval of rules.

  • Benefits

    • Cleaner, maintainable, and extensible code.
    • Easier to add new formats without breaking existing functionality.
    • Centralized validation and metadata extraction for all rule types.

This release sets the foundation for a flexible multi-format rule engine and prepares the system for future expansions.

Rulezet v1.0.0

25 Jul 07:59


What's new in Rulezet v1.0.0

User Management

Admin panel to manage users

Users can favorite rules for easy access

Rule Lifecycle

Create, edit, and delete detection rules (YARA, Suricata, Zeek, Sigma)

Assign and transfer rule ownership

Search & Browse

Smart search bar and filtering system

Detailed rule view with copy/download options

Community Collaboration

Suggest modifications via pull-request style edits

Evaluate and vote on rules

Comment and discuss detection strategies

GitHub Integration

Import detection rules directly from public GitHub repositories

Rule Validation

Automatic validation of imported rules

Display and manage malformed or invalid rules