The main Sigma rules

Updated: Aug 22, 2023


What is Sigma? Sigma is a project presented as a generic and open signature format for SIEM detection rules. The idea is to provide a structured form in which researchers or analysts can describe their detection methods and share them with others.


Trying to standardize the detection rules used by SIEMs may look like a purely technical exercise, but it is an important step towards collaboration between cybersecurity teams.

Having a database of generic SIEM detection rules would let just about anyone furnish their SIEM with relevant rules, regardless of the technology they choose (or have imposed on them), whether that is between analysts of the same large company at different locations, or as an open resource for smaller companies that are starting to take cybersecurity seriously.


In addition, Sigma rules are a description of the detection logic rather than a vendor-specific query, which makes them human readable and therefore verifiable. The Sigma project also provides a converter that takes Sigma rules as input and transforms them into the query languages of commonly used SIEMs (Elastic, Splunk...).
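To make the two points above concrete (a rule is a structured, readable description of a detection, and that description can be mechanically turned into a SIEM query), here is an added example that is not code from the Malizen post nor the Sigma project's own tooling (sigmac / pySigma). It lays out a constructed rule in the same shape as a Sigma YAML file (title, logsource, named detection searches and a condition), evaluates it against constructed process-creation events, and renders it as a simple Splunk-style search string. It supports only the subset of the format the constructed rule uses (the `contains`, `startswith` and `endswith` modifiers, lists of values, and `and`/`or`/`not` with parentheses in the condition).

```python
"""Minimal evaluator and converter for a subset of the Sigma rule format.

Added example for illustration; not the Sigma project's own code.
"""
from typing import Any

# Constructed rule, laid out like a Sigma YAML file. Not an official Sigma rule.
RULE: dict[str, Any] = {
    "title": "Whoami Execution (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": ["\\whoami.exe", "\\whoami64.exe"]},
        "filter_system": {  # suppress the service-account case (constructed)
            "ParentImage|endswith": "\\services.exe",
            "User|contains": "SYSTEM",
        },
        "condition": "selection and not filter_system",
    },
}

# Constructed process-creation events, using Sigma's field names for this log source.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\whoami.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\alice"},
    {"Image": "C:\\Windows\\System32\\whoami.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\bob"},
]


def _match_value(actual: str, modifier: str, expected: str) -> bool:
    """Apply one Sigma value modifier; Sigma string matching is case-insensitive."""
    a, e = actual.lower(), expected.lower()
    if modifier == "":
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    raise ValueError(f"unsupported modifier: {modifier!r}")


def _match_search(search: dict[str, Any], event: dict[str, Any]) -> bool:
    """A search map is AND over its fields; a list of values is OR over the list."""
    for key, expected in search.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        if actual is None:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(str(actual), modifier, str(v)) for v in values):
            return False
    return True


def _tokens(condition: str) -> list[str]:
    return condition.replace("(", " ( ").replace(")", " ) ").split()


def _eval_condition(tokens: list[str], results: dict[str, bool]) -> bool:
    """Evaluate a condition of search names, and/or/not and parentheses (recursive descent)."""
    pos = 0

    def expr() -> bool:  # expr := term ('or' term)*
        nonlocal pos
        value = term()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            value = term() or value
        return value

    def term() -> bool:  # term := factor ('and' factor)*
        nonlocal pos
        value = factor()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            value = factor() and value
        return value

    def factor() -> bool:  # factor := 'not' factor | '(' expr ')' | NAME
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            pos += 1  # consume ')'
            return value
        return results[tok]

    return expr()


def evaluate(rule: dict[str, Any], event: dict[str, Any]) -> bool:
    """True if the event satisfies the rule's condition."""
    det = rule["detection"]
    results = {n: _match_search(s, event) for n, s in det.items() if n != "condition"}
    return _eval_condition(_tokens(det["condition"]), results)


def matching_events(rule: dict[str, Any], events: list[dict[str, Any]]) -> list[dict[str, Any]]:
    return [e for e in events if evaluate(rule, e)]


def to_query(rule: dict[str, Any]) -> str:
    """Render the rule as a simple Splunk-style search string (wildcards for modifiers)."""
    det = rule["detection"]
    wrap = {"": "{}", "contains": "*{}*", "startswith": "{}*", "endswith": "*{}"}
    rendered = {}
    for name, search in det.items():
        if name == "condition":
            continue
        parts = []
        for key, expected in search.items():
            field, _, modifier = key.partition("|")
            values = expected if isinstance(expected, list) else [expected]
            parts.append("(" + " OR ".join(f'{field}="{wrap[modifier].format(v)}"' for v in values) + ")")
        rendered[name] = "(" + " AND ".join(parts) + ")"
    words = {"and": "AND", "or": "OR", "not": "NOT"}
    return " ".join(rendered.get(t, words.get(t, t)) for t in _tokens(det["condition"]))


if __name__ == "__main__":
    print(to_query(RULE))
    for hit in matching_events(RULE, EVENTS):
        print("match:", hit)
```

Running the module prints the rendered query and reports only the first event as a match: the second is excluded by `filter_system`, the third never satisfies `selection`. The same rule object drives both the evaluator and the query renderer, which is the property that makes a shared rule format useful: a reviewer can read and test the logic once, independently of the SIEM it is later deployed to.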


