mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 01:45:21 +00:00
Generic Signature Format for SIEM Systems
images | ||
rules | ||
.gitignore | ||
LICENSE | ||
README.md |
Sigma
Generic Signature Format for SIEM Systems
What is Sigma?
Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others.
This repository contains:
- Sigma rule specification in the Wiki
- Open repository for sigma signatures in the
./rules
subfolder - Collection of converters that generate searches/queries for different SIEM systems [Pending]
Slides
See the first slide deck that I prepared for a private conference in mid January 2017.
Sigma - Make Security Monitoring Great Again
Specification
The specifications can be found in the Wiki.
The current specification can be seen as a proposal. Feedback is requested.
Next Steps
- Creation of a reasonable set of sample rules
- Release of the first rule converters for Elastic Search and Splunk
- Integration of feedback into the rule specifications
- Collecting rule input from fellow researchers and analysts
- Attempts to convince others to use the rule format in their reports, threat feeds, blog posts, threat sharing platforms