Version: Next

🧪 Alchemies

⚡ Dynamic Recipe System

Define detection rules in YAML format instead of relying only on built-in hardcoded recipes. Create custom detection patterns with hot reload support and comprehensive validation.

🎯 Key Features

🔄 Dynamic Loading

Load recipes on-the-fly without system restart.

🔥 Hot Reload

Update rules without restart - changes apply automatically.

📦 Built-in Recipes

Pre-configured detection patterns shipped with Jibril.

✅ Validation

Automatic rule verification ensures correctness.

🎯 Multiple Types

File access, execution, and network peer detections.

💡 Tip: Check out Jibril's public recipes repository at https://github.com/garnet-org/jibril-recipes for community-contributed detection rules.

📚 Documentation

⚙️

Enable Alchemies

Configuration and setup guide

🛠️

Create Recipes

YAML recipe structure and examples

📖

Recipes Reference

Complete field reference guide

📦

Built-in Recipes

Pre-configured detection patterns

🏛️ Architecture

The alchemies system consists of several key components:

Alchemy - The YAML representation of a detection recipe
Recipe - The runtime detection rule generated from an alchemy
Monitor - Watches external directories for YAML file changes
Validation - Ensures recipe configurations are correct

🔄 Monitoring and Hot Reload

When using external recipe directories with the path option, the alchemies system automatically:

✅ Monitors the directory for changes
✅ Loads new YAML files when added
✅ Reloads modified files
✅ Removes recipes when files are deleted
✅ Validates all changes before applying

✅ Best Practices

📝 Use Descriptive Names

Recipe kind and name should clearly indicate what they detect.

🎯 Set Appropriate Limits

Use times entries to reduce false positives.

🧪 Test Thoroughly

Start with enabled: false and test before enabling.

📚 Document Well

Include links to documentation explaining detection logic.

🔀 Version Control

Track recipe files in git for change management.

📁 Organize by Type

Group similar recipes in subdirectories.

🔧 Common Issues

Recipe Not Loading

Check YAML syntax
Verify all required fields are present
Look for validation errors in logs

Too Many Alerts

Adjust times limits
Add arbitrary filters
Use more specific patterns

Missing Detections

Verify enabled: true
Check file/network patterns match
Ensure correct file_actions are specified

Debug Tips

Set log-level: debug in config.yaml
Check logs for activating and deactivating messages
Validation errors appear as ignoring errored recipe

⚡ Dynamic Recipe System

🎯 Key Features​

🔄 Dynamic Loading​

🔥 Hot Reload​

📦 Built-in Recipes​

✅ Validation​

🎯 Multiple Types​

📚 Documentation​