TL;DR 🚀 I shipped detflow to PyPI — an open-source, vendor-neutral detection-engineering copilot . It does the four things I found myself re-implementing inside every detection-as-code workflow: draft a detection from plain English (as Sigma or Cortex XSIAM XQL ), lint it offline, find overlaps against the rules you already run, and review it like a senior detection engineer. 🛡️ 2 formats draft & review in Sigma or Cortex XQL — one portable, one native 1 protocol bring any model: an OpenAI-compa