
Directive Building - Sigma

kvvincentvalentine


Have AlienVault, or any other forum members, looked into Sigma?

https://github.com/Neo23x0/sigma

This is a project pushing for a generic signature format for searches, signatures, detection and alerting. It is already a supported feature in MISP, Elasticsearch, Kibana, Logpoint and Splunk, and there are integrations for other SIEMs such as ArcSight.

The rules are written in YAML and are very easy to understand.

AlienVault USM/OSSIM would greatly benefit from this with correlation directive building.

Anyone have any feedback on this?

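To make the "YAML rule" and "translate to SIEM queries" points concrete, here is an added example (not part of the original post, and not code from the Sigma project): a small Python module that holds an illustrative Sigma-style rule as YAML, evaluates its `detection` block against three constructed Sysmon-style process-creation events, and renders the same block as a Splunk search string. It covers only a subset of the Sigma specification (named searches, the `contains`/`startswith`/`endswith`/`re`/`all` field modifiers, list values as OR, and `and`/`or`/`not` conditions); the rule title, the event contents and the `RULE_DICT` fallback (used only when PyYAML is not installed) are assumptions made for this example.

```python
import re

# Illustrative rule in the Sigma YAML layout (written for this example, not
# taken from the Sigma repository). Single quotes keep the backslashes literal.
RULE_YAML = """
title: whoami run outside cmd.exe
logsource:
    product: windows
    category: process_creation
detection:
    selection:
        Image|endswith: '\\whoami.exe'
    filter:
        ParentImage|endswith: '\\cmd.exe'
    condition: selection and not filter
"""
# The same rule pre-parsed, used only if PyYAML is not installed (assumption).
RULE_DICT = {"title": "whoami run outside cmd.exe",
             "logsource": {"product": "windows", "category": "process_creation"},
             "detection": {"selection": {"Image|endswith": "\\whoami.exe"},
                           "filter": {"ParentImage|endswith": "\\cmd.exe"},
                           "condition": "selection and not filter"}}
# Constructed process-creation events with Sysmon-style field names.
EVENTS = [
    {"Image": r"C:\Windows\System32\whoami.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\whoami.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]
KEYWORDS = ("and", "or", "not", "(", ")")

def load_rule(text):
    try:
        import yaml
        return yaml.safe_load(text)
    except ImportError:
        return RULE_DICT

def _match_value(actual, op, pattern):
    """Apply one Sigma modifier; plain string comparison is case-insensitive."""
    if op == "re":
        return re.search(str(pattern), str(actual)) is not None
    a, p = str(actual).lower(), str(pattern).lower()
    ops = {None: a == p, "contains": p in a, "startswith": a.startswith(p), "endswith": a.endswith(p)}
    if op not in ops:
        raise ValueError(f"unsupported modifier: {op}")
    return ops[op]

def _split_key(key):
    """'Image|endswith' -> ('Image', 'endswith', False); '|all' turns list values into AND."""
    field, *mods = key.split("|")
    return field, next((m for m in mods if m != "all"), None), "all" in mods

def search_matches(event, search):
    if isinstance(search, list):                 # list of maps: OR across maps
        return any(search_matches(event, s) for s in search)
    for key, spec in search.items():             # map: AND across fields
        field, op, need_all = _split_key(key)
        values = spec if isinstance(spec, list) else [spec]
        hits = [field in event and _match_value(event[field], op, v) for v in values]
        if not (all(hits) if need_all else any(hits)):
            return False
    return True

def _condition_tokens(detection):
    for tok in re.findall(r"\(|\)|\w+", detection["condition"]):
        if tok not in KEYWORDS and tok not in detection:
            raise ValueError(f"unsupported condition token: {tok}")
        yield tok

def rule_matches(rule, event):
    """Evaluate the rule's boolean condition against one event (a dict)."""
    det = rule["detection"]
    expr = " ".join(tok if tok in KEYWORDS else str(search_matches(event, det[tok]))
                    for tok in _condition_tokens(det))
    return bool(eval(expr, {"__builtins__": {}}, {}))   # only True/False/and/or/not/() reach eval

def find_matches(rule, events):
    return [i for i, e in enumerate(events) if rule_matches(rule, e)]

def _splunk_term(field, op, value):
    if op == "re":
        raise ValueError("regex needs a `| regex` stage; not handled here")
    v = str(value).replace("\\", "\\\\").replace('"', '\\"')
    v = {"contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}"}.get(op, v)
    return f'{field}="{v}"'

def _splunk_clause(search):
    if isinstance(search, list):
        return "(" + " OR ".join(_splunk_clause(s) for s in search) + ")"
    parts = []
    for key, spec in search.items():
        field, op, need_all = _split_key(key)
        terms = [_splunk_term(field, op, v) for v in (spec if isinstance(spec, list) else [spec])]
        parts.append(terms[0] if len(terms) == 1 else "(" + (" AND " if need_all else " OR ").join(terms) + ")")
    return " AND ".join(parts)

def to_splunk(rule):
    """Render the detection block as a Splunk search string (one backend, as a sketch)."""
    det = rule["detection"]
    words = {"and": "AND", "or": "OR", "not": "NOT", "(": "(", ")": ")"}
    return " ".join(words.get(tok) or "(" + _splunk_clause(det[tok]) + ")"
                    for tok in _condition_tokens(det))

RULE = load_rule(RULE_YAML)
```

Running `find_matches(RULE, EVENTS)` returns `[1]`: the first event is a hit on `selection` but is excluded by `filter`, and the third never matches. `to_splunk(RULE)` gives `(Image="*\\whoami.exe") AND NOT (ParentImage="*\\cmd.exe")`. The `eval` is safe only because `_condition_tokens` rejects anything that is not a keyword, a parenthesis or a search name, so the expression it sees is built entirely from `True`/`False` and operators; a production converter such as the one shipped in the linked repository handles the full condition grammar (`1 of selection*`, aggregations) and many more backends, and is what you would actually use to feed a SIEM.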

Comments

  • Yes, I want to know this too. I have come across Sigma and its ability to translate rules into queries for various SIEMs; however, the nearest I can get is Graylog Search.

    You could say the focus could be that Sigma is tweaked to export the info to AlienVault, but surely there needs to be some collaboration with AlienVault to make this happen?