Sigma is a rule format for threat detection in log files. It is for log data what "Snort rules" are for network traffic or "YARA signatures" are for file data. It is easy to write and read. Writing a Sigma rule is a matter of minutes. On the right you can see a simple...
Sigma is an open standard for rules that allow you to describe searches on log data in generic form. These rules can be converted and applied to many log management or SIEM systems and can even be used with grep on the command line. In this article I'd like to give...
Some of you may already have heard of Sigma, a generic approach for signatures used in SIEM systems. Its main purpose is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with...