A typical corporate network consists of hundreds or thousands of devices generating millions of lines of logs pouring in every minute. What can make it possible, then, for SOC and threat intel analysts to sift through all this flow of information efficiently and separate malicious activity from daily noise in an automated fashion?
This is where Sigma rules come in handy.
What are sigma rules?
Sigma rules are textual signatures written in YAML that make it possible to detect anomalies in your environment by monitoring log events that can be signs of suspicious activity and cyber threats. Developed by threat intel analysts Florian Roth and Thomas Patzke, Sigma is a generic signature format for use in SIEM systems. A prime advantage of using a standardized format like Sigma is that the rules are cross-platform and work across different security information and event management (SIEM) products. As such, defenders can use a “common language” to share detection rules with each other independent of their security arsenal. These Sigma rules can then be converted by SIEM products into their distinct, SIEM-specific language, while retaining the logic conveyed by the Sigma rule.
More Stories
Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox
Kryptina, a free Ransomware-as-a-Service tool available on dark web forums, is now being used by Mallox ransomware affiliates Read More
Hacking the “Bike Angels” System for Moving Bikeshares
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system...
Vulnerabilities Found in Popular Houzez Theme and Plugin
The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users Read...
Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure
An overall rise in cyber incidents coming from Russian-aligned adversaries in 2024 was accompanied by a decrease in high and...
Quantum Computing and Cybersecurity – Preparing for a New Age of Threats
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...
LinkedIn Pauses GenAI Training Following ICO Concerns
The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training Read More