Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others.
Sigma is for log files what Snort is for network traffic and YARA is for files.
OpenSearch Security Analytics plugin uses Sigma. Malcolm actually includes this plugin just because it's part of OpenSearch, but we're not really doing anything with it.
I think Elastic SIEM does as well (?)
The current sigmac is going to be deprecated by the end of the year. If you start with this now, I would highly recommend going the pySigma route. That said, I don't know whether the Elasticsearch backend also supports OpenSearch.
You could also consider writing a transpiler, as we did in VAST.
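To make the two points above concrete (what a Sigma rule's detection section describes, and what a pySigma-style backend or a transpiler does with it), here is an added example that is not Malcolm's, pySigma's or VAST's code. It evaluates a small Sigma-like rule directly against log events and also transpiles the same detection section into a Lucene-style query string of the kind an Elasticsearch/OpenSearch backend would emit. The rule, the field names and the events are constructed for illustration; real Sigma rules are YAML, and the rule is embedded here as the equivalent Python dict so the script runs without PyYAML. Only a subset of Sigma is implemented (map selections with the `contains`/`startswith`/`endswith` modifiers, and conditions built from selection names, `and`/`or`/`not` and parentheses), and the escaping is a simplified version of what a real backend does.

```python
"""Minimal Sigma-style rule evaluation and Lucene-query transpilation.

Added example, not Malcolm's, pySigma's or VAST's code. Sigma rules are YAML;
the rule below is embedded as the equivalent Python dict so this runs without
PyYAML. Rule, field names and events are constructed for illustration only.
"""
import re
from typing import Any

# Constructed rule: a command shell running a hypothetical account-enumeration
# command, with a filter excluding a hypothetical approved parent process.
RULE: dict[str, Any] = {
    "title": "Account enumeration from cmd.exe (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\cmd.exe",
            "CommandLine|contains": ["whoami", "net user"],  # list = OR
        },
        "filter": {"ParentImage|startswith": "C:\\Program Files\\Approved\\"},
        "condition": "selection and not filter",
    },
}

# Constructed process-creation events, already normalized to the rule's fields.
EVENTS: list[dict[str, str]] = [
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c WHOAMI /all",
     "ParentImage": r"C:\Users\alice\Downloads\stage.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c net user",
     "ParentImage": r"C:\Program Files\Approved\agent.exe"},  # excluded by filter
    {"Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

_OPERATORS = {"and", "or", "not"}
_PARENS = ("(", ")")


def _tokens(condition: str) -> list[str]:
    """Split a Sigma condition into names, operators and parentheses."""
    return re.findall(r"[()]|[A-Za-z_]\w*", condition)


def _field_matches(event: dict[str, Any], key: str, expected: Any) -> bool:
    """One 'Field|modifier': value(s) pair. Sigma matching is case-insensitive
    and a list of values is an OR."""
    field, _, modifier = key.partition("|")
    actual = str(event.get(field, "")).lower()
    for exp in (expected if isinstance(expected, list) else [expected]):
        exp = str(exp).lower()
        if ((modifier == "" and actual == exp)
                or (modifier == "contains" and exp in actual)
                or (modifier == "startswith" and actual.startswith(exp))
                or (modifier == "endswith" and actual.endswith(exp))):
            return True
    return False


def rule_matches(rule: dict[str, Any], event: dict[str, Any]) -> bool:
    """Evaluate the detection section against one event."""
    det = rule["detection"]
    # A map selection is an AND over its field/value pairs.
    results = {name: all(_field_matches(event, k, v) for k, v in sel.items())
               for name, sel in det.items() if name != "condition"}
    expr = []
    for tok in _tokens(det["condition"]):
        if tok in _OPERATORS or tok in _PARENS:
            expr.append(tok)
        elif tok in results:
            expr.append(str(results[tok]))
        else:
            raise ValueError(f"unsupported condition token: {tok!r}")
    # Every token was validated above, so the expression is a pure boolean
    # formula over True/False literals and Python's own and/or/not.
    return bool(eval(" ".join(expr), {"__builtins__": {}}, {}))


def matching_events(rule: dict[str, Any], events: list[dict[str, Any]]) -> list[int]:
    """Indices of the events the rule fires on."""
    return [i for i, ev in enumerate(events) if rule_matches(rule, ev)]


_LUCENE_SPECIAL = set('+-&|!(){}[]^"~*?:\\/ ')


def _escape(value: str) -> str:
    """Backslash-escape Lucene query-syntax characters (simplified)."""
    return "".join("\\" + c if c in _LUCENE_SPECIAL else c for c in value)


def _field_to_lucene(key: str, expected: Any) -> str:
    field, _, modifier = key.partition("|")
    terms = []
    for exp in (expected if isinstance(expected, list) else [expected]):
        v = _escape(str(exp))
        v = {"contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}"}.get(modifier, v)
        terms.append(f"{field}:{v}")
    return terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"


def to_lucene(rule: dict[str, Any]) -> str:
    """Transpile the detection section into a Lucene-style query string."""
    det = rule["detection"]
    selections = {name: "(" + " AND ".join(_field_to_lucene(k, v) for k, v in sel.items()) + ")"
                  for name, sel in det.items() if name != "condition"}
    out = []
    for tok in _tokens(det["condition"]):
        if tok in _OPERATORS:
            out.append(tok.upper())
        elif tok in _PARENS or tok in selections:
            out.append(selections.get(tok, tok))
        else:
            raise ValueError(f"unsupported condition token: {tok!r}")
    return " ".join(out)


if __name__ == "__main__":
    print("matching events:", matching_events(RULE, EVENTS))  # [0]
    print("lucene:", to_lucene(RULE))
```

Running the script fires on the first event only: the second matches the selection but is removed by the filter, and the third never matches the selection. The direct-evaluation path is what a log pipeline would do at ingest time; the `to_lucene` path is the shape of a backend that hands the rule to OpenSearch or Elasticsearch as a query instead, which is the choice the pySigma-versus-transpiler discussion above is about.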
How could Malcolm integrate Sigma?
Sigma: