LOLAPI

Contributing to LOLAPI

Help us expand the catalog and improve detection strategies

How to Contribute

All contributions must follow our quality standards and go through peer review. Thank you for helping improve LOLAPI!

1. Add a New API

To add a new API to LOLAPI:

  1. Fork the repository
  2. Create a new YAML file in the yaml/ directory
  3. Follow the schema in schema/lolapi.schema.json
  4. Validate your entry: python3 bin/validate.py -v
  5. Submit a pull request with a clear description

2. Quality Standards

All submissions must meet these standards:

  • API details are accurate and verified
  • At least one abuse scenario with code example
  • Detection strategies for each abuse scenario
  • MITRE ATT&CK technique mapping
  • Risk assessment with justification
  • Real-world campaign or threat intelligence references
  • YAML validates against schema

3. Code Examples

Code snippets in abuse scenarios must be:

  • • Tested and functional
  • • Realistic representations of real attacks
  • • Properly commented
  • • Include context (what it does, how it's detected)

4. Detection Strategies

Detection strategies should include:

  • • Vendor/platform (e.g., Microsoft Defender, Splunk)
  • • Specific capability or query
  • • Effectiveness assessment (high/medium/low)
  • • Notes on false positives or blind spots

5. Peer Review Process

After you submit a PR:

  1. Automated validation checks run
  2. Community members review your submission
  3. Feedback and discussion in the PR
  4. Revisions may be requested
  5. Merge once approved

Other Contribution Types

📚 Documentation

Improve guides, add examples, or clarify documentation. Submit changes via pull request.

🔍 Detection Rules

Add Sigma rules, Splunk SPL queries, or YARA rules to the detections/ directory.

🛠️ Tools & Scripts

Contribute Python tools for analysis, validation, or reporting against LOLAPI data.

🐛 Bug Reports

Found an error? Open a GitHub issue with detailed information about the problem.

💡 Ideas & Discussions

Have an idea? Start a discussion in GitHub Discussions to get feedback from the community.

Code of Conduct

We are committed to providing a welcoming and inspiring community for all. Please read and respect our Code of Conduct.

Be respectful, inclusive, and professional. Harassment, discrimination, or abusive behavior will not be tolerated.

Getting Help

Questions?

Post in GitHub Discussions or open an issue with your question.

View Discussions →

Need Help with YAML?

Check existing entries in the yaml/ directory for examples and formatting.

View Examples →

Attribution

All contributors are credited in the repository. When your contribution is merged:

  • • Your GitHub username is added to the entry
  • • You're listed in the project contributors
  • • Your contribution history is public on GitHub

Ready to Contribute?

Great! Start by forking the repository and reading the README for setup instructions.

Fork Repository →