The Detection Rule License (DRL) is a license for open-source detection logic as shared in, e.g. YARA, Sigma, or Snort rules.
It is very permissive and allows the private and commercial use of the detection logic as long as the rule's author is mentioned in the reproduction of the rules and an output showing matches with the licensed rule.
One could also say: "You can do anything with the rule as long as you give credit to the author."
The attribution is also required when showing matches with the detection rules licensed under the DRL. Vendors using a rule licensed under DRL must include the author in views that show matches. (e.g., in a separate field or column)
The full license text can be found here.
This location will not change and can be used in order to link to the license text.
| Characteristic | Value |
|---|---|
| Based on | MIT license |
| Distribution | Yes |
| Modification | Yes |
| Private Use | Yes |
| Commercial Use | Yes |
| Liability | No |
| Warranty | No |
| License and Copyright Notice | Yes |
| Author Attribution | Required |
May 2021, Extended the section that contains the requirements regarding matches with a licensed rule (changes)
February 2020, Initial version