Sigma is a generic and open signature format for SIEM systems that lets you describe relevant log events in a straightforward manner. The rule format is flexible, easy to write, and applicable to any type of log. The project's primary purpose is to provide a structured form in which researchers and analysts can describe the detection methods they have developed and share them with others. Sigma is meant to be an open standard in which such detection mechanisms can be defined, shared, and collected to improve everyone's detection capabilities.
With this integration, you can convert Sigma signatures into the native query format of your SIEM. Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. Standardizing on a signature format allows you to:
- Describe your detection method in Sigma to make it shareable within your organization and the wider community
- Write your SIEM searches in Sigma to avoid vendor lock-in; if you later need to migrate SIEMs, rules already written in Sigma can be converted to the new platform instead of being rewritten by hand
- Share the signature in the appendix of your analysis along with IOCs and YARA rules
- Share signatures with analysts from other organizations via the Common Community, even when they do not run the same technology stack
- Provide Sigma signatures for malicious behavior in your own application
The following actions are available:
- Convert Rule - Convert a Sigma rule to a desired SIEM output format.
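To make the conversion step concrete, the following is an added example (written for this page; it is neither ThreatConnect's app code nor the Sigma project's own sigma-cli/pySigma converter) that translates a small, constructed Sigma rule into two SIEM output formats: Splunk SPL and a Lucene query string as used by Elasticsearch/OpenSearch. It covers the subset of the rule format that most rules use (dict and list selections, list values, the `contains`/`startswith`/`endswith` modifiers, and conditions built from `and`/`or`/`not`, parentheses and `1 of`/`all of`). The example rule, the field mappings (`process_path`, `process.executable`, and so on) and the log-source prefixes (`index="windows" EventCode=1`, `event.category:process`) are assumptions made for illustration, not the mappings of any real add-on or schema.

```python
"""Sigma-subset-to-SIEM converter.  Added illustration: not ThreatConnect's app code nor pySigma."""
import fnmatch
import re

# Constructed rule (not from the Sigma repository), as yaml.safe_load would return it.
EXAMPLE_RULE = {
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_img": {"Image|endswith": ["\\powershell.exe", "\\pwsh.exe"]},
        "selection_cmd": {"CommandLine|contains": ["DownloadString", "Invoke-WebRequest"]},
        "filter_system": {"User": "NT AUTHORITY\\SYSTEM"},
        "condition": "selection_img and selection_cmd and not filter_system",
    },
}

def _wildcard(value, modifier):
    # Apply a Sigma string modifier to an already-escaped value.
    return {"contains": f"*{value}*", "startswith": f"{value}*", "endswith": f"*{value}"}.get(modifier, value)

class SplunkBackend:
    """Splunk SPL.  Field and log-source mappings are hypothetical, not a real add-on's."""
    AND, OR, NOT = " AND ", " OR ", "NOT "
    FIELD_MAP = {"Image": "process_path", "CommandLine": "process", "User": "user"}
    LOGSOURCE = {("process_creation", "windows"): 'index="windows" EventCode=1'}

    @staticmethod
    def term(field, value, modifier):
        # Escape backslash, quote and literal '*' so only the modifier's '*' are wildcards.
        v = str(value).replace("\\", "\\\\").replace('"', '\\"').replace("*", "\\*")
        return f'{field}="{_wildcard(v, modifier)}"'

class LuceneBackend:
    """Lucene query_string (Elasticsearch/OpenSearch); ECS-style field names are assumed."""
    AND, OR, NOT = " AND ", " OR ", "NOT "
    FIELD_MAP = {"Image": "process.executable", "CommandLine": "process.command_line", "User": "user.name"}
    LOGSOURCE = {("process_creation", "windows"): "event.category:process"}

    @staticmethod
    def term(field, value, modifier):
        # Unquoted term so the modifier's '*' are wildcards; every reserved character is escaped.
        v = re.sub(r'([+\-=&|><!(){}\[\]^"~*?:\\/ ])', r"\\\1", str(value))
        return f"{field}:{_wildcard(v, modifier)}"

def selection_to_query(selection, backend):
    """One named selection: dict = AND of fields, list of dicts = OR, list value = OR."""
    if isinstance(selection, list):
        return "(" + backend.OR.join(selection_to_query(s, backend) for s in selection) + ")"
    parts = []
    for key, value in selection.items():
        field, _, modifier = key.partition("|")
        field = backend.FIELD_MAP.get(field, field)
        values = value if isinstance(value, list) else [value]
        terms = [backend.term(field, v, modifier) for v in values]
        parts.append(terms[0] if len(terms) == 1 else "(" + backend.OR.join(terms) + ")")
    return parts[0] if len(parts) == 1 else "(" + backend.AND.join(parts) + ")"

def condition_to_query(condition, detection, backend):
    """Recursive descent over the condition: 'not' binds tightest, then 'and', then 'or'."""
    tokens = re.findall(r"\(|\)|[^\s()]+", condition)
    def expr():  # or-expression
        left = term()
        while tokens[:1] == ["or"]:
            tokens.pop(0)
            left = f"({left}{backend.OR}{term()})"
        return left
    def term():  # and-expression
        left = factor()
        while tokens[:1] == ["and"]:
            tokens.pop(0)
            left = f"({left}{backend.AND}{factor()})"
        return left
    def factor():
        tok = tokens.pop(0)
        if tok == "not":
            return f"{backend.NOT}{factor()}"
        if tok == "(":
            inner = expr()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("unbalanced parentheses in condition")
            return inner
        if tok in ("1", "all") and tokens[:1] == ["of"]:  # '1 of sel*' / 'all of sel*'
            tokens.pop(0)
            names = fnmatch.filter([k for k in detection if k != "condition"], tokens.pop(0))
            join = backend.OR if tok == "1" else backend.AND
            return "(" + join.join(selection_to_query(detection[n], backend) for n in names) + ")"
        return selection_to_query(detection[tok], backend)
    query = expr()
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r} in condition")
    return query

def convert(rule, backend):
    """Full SIEM search: log-source scoping (when mapped) plus the detection logic."""
    detection = rule["detection"]
    query = condition_to_query(detection["condition"], detection, backend)
    src = rule.get("logsource", {})
    prefix = backend.LOGSOURCE.get((src.get("category"), src.get("product")))
    return f"{prefix} {query}" if prefix else query
```

Calling `convert(EXAMPLE_RULE, SplunkBackend)` yields `index="windows" EventCode=1 (((process_path="*\\powershell.exe" OR process_path="*\\pwsh.exe") AND (process="*DownloadString*" OR process="*Invoke-WebRequest*")) AND NOT user="NT AUTHORITY\\SYSTEM")`; `convert(EXAMPLE_RULE, LuceneBackend)` produces the same logic with `process.executable:*\\powershell.exe`, `process.command_line:*Invoke\-WebRequest*` and `user.name:NT\ AUTHORITY\\SYSTEM`. The two things that differ per target, and that a real converter's configuration has to get right, are visible here as data: the field-name mapping and the escaping rules of the query language (a backslash or a literal `*` in a Sigma value must not become a wildcard in the SIEM). Treat any converted query as untested until it has been run against known-good and known-bad events in the destination SIEM.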
This listing can be found in the ThreatConnect App Catalog under the name Sigma.
Built By ThreatConnect