What is SIGMA
SIGMA
SIGMA is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others.
Sigma’s repository lives here: https://github.com/Neo23x0/sigma
The project was created by Thomas Patzke (@blubbfiction) and Florian Roth (@cyb3rops) with collaboration and feedback from fellow analysts. Nowadays people from all over the world contribute to the project with new rules and the trend is rasing.
We will only mention a few characteristics of the project since the repo contains most of the information you will need.
Projects or Products that use Sigma
- MISP (since version 2.4.70, March 2017)
- SOC Prime - Sigma Rule Editor
- uncoder.io - Online Translator for SIEM Searches
- THOR - Scan with Sigma rules on endpoints
- Joe Sandbox
- ypsilon - Automated Use Case Testing
- RANK VASA
- TA-Sigma-Searches (Splunk App)
Sigma Infographic
