Has AlienVault, or any other forum members looked into Sigma?
This is a project pushing for a generic signature format for searches, signatures, detection and alerting; it is already a supported feature in MISP, Elasticsearch, Kibana, Logpoint and Splunk, and there are integrations for other SIEMs such as ArcSight.
The rules are written in YAML and are very easy to understand.
AlienVault USM/OSSIM would greatly benefit from this with correlation directive building.
Anyone have any feedback on this?
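To make the discussion concrete, here is an added example (written for this thread, not code from the Sigma project or from the poster) of what a Sigma rule looks like and what its detection semantics are. The rule text, the field names and the sample process-creation events are all constructed for the example; the evaluator is a deliberately small stand-in for Sigma's real tooling (sigmac / pySigma), which would render the same rule into a Splunk, Elasticsearch or ArcSight query rather than evaluate it in Python. The point it shows is the part a USM/OSSIM correlation directive would have to reproduce: a map is an AND of its fields, a list of values is an OR, `|contains` / `|endswith` are case-insensitive substring modifiers, and `condition` combines the named selections.

```python
"""Minimal Sigma-style rule evaluator (illustrative, not Sigma's own code)."""
from typing import Any, Dict, List

# The rule as it would be written in YAML. yaml.safe_load() on this text
# yields the RULE dict below; PyYAML is not imported so the block has no
# third-party dependency. Rule content is constructed for this example.
RULE_YAML = r"""
title: Suspicious Encoded PowerShell Command Line
status: experimental
logsource:
  product: windows
  category: process_creation
detection:
  selection:
    Image|endswith: '\powershell.exe'
    CommandLine|contains:
      - '-enc '
      - '-EncodedCommand'
  filter:
    ParentImage|endswith: '\sccm-agent.exe'
  condition: selection and not filter
level: high
"""

RULE: Dict[str, Any] = {
    "title": "Suspicious Encoded PowerShell Command Line",
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\sccm-agent.exe"},
        "condition": "selection and not filter",
    },
}


def _field_matches(field_spec: str, wanted: Any, event: Dict[str, Any]) -> bool:
    """One 'Field|modifier: value(s)' entry. A list of values is an OR.
    Sigma string matching is case-insensitive, so both sides are lowered."""
    name, _, modifier = field_spec.partition("|")
    if name not in event:
        return False
    actual = str(event[name]).lower()
    candidates = wanted if isinstance(wanted, list) else [wanted]
    for cand in (str(c).lower() for c in candidates):
        if modifier == "" and actual == cand:
            return True
        if modifier == "contains" and cand in actual:
            return True
        if modifier == "startswith" and actual.startswith(cand):
            return True
        if modifier == "endswith" and actual.endswith(cand):
            return True
    return False


def _selection_matches(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """A selection map is an AND of all its field entries."""
    return all(_field_matches(f, v, event) for f, v in selection.items())


def _eval_condition(condition: str, results: Dict[str, bool]) -> bool:
    """Tiny recursive-descent evaluator for 'and' / 'or' / 'not' / parentheses
    over already-computed selection results (no aggregation or wildcards)."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        return tok

    def expr():              # expr := term ('or' term)*
        value = term()
        while peek() == "or":
            take()
            rhs = term()     # always consume the right side, then combine
            value = value or rhs
        return value

    def term():              # term := factor ('and' factor)*
        value = factor()
        while peek() == "and":
            take()
            rhs = factor()
            value = value and rhs
        return value

    def factor():            # factor := 'not' factor | '(' expr ')' | name
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        return results[tok]

    value = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition: " + condition)
    return value


def match_rule(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """True if the event satisfies the rule's condition."""
    detection = rule["detection"]
    results = {name: _selection_matches(sel, event)
               for name, sel in detection.items() if name != "condition"}
    return _eval_condition(detection["condition"], results)


def run_rule(rule: Dict[str, Any], events: List[Dict[str, Any]]) -> List[int]:
    """Indices of the events that the rule fires on."""
    return [i for i, ev in enumerate(events) if match_rule(rule, ev)]


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},           # fires
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand dwBoAG8AYQBtAGkA",
     "ParentImage": "C:\\Program Files\\SCCM\\sccm-agent.exe"},  # excluded by filter
    {"Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe -enc notes.txt",
     "ParentImage": "C:\\Windows\\explorer.exe"},                # Image does not match
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},           # no encoded flag
]

if __name__ == "__main__":
    for idx in run_rule(RULE, SAMPLE_EVENTS):
        print(RULE["title"], "->", SAMPLE_EVENTS[idx]["CommandLine"])
```

Running it fires only on the first event: the second matches `selection` but is removed by `filter`, the third has the flag but the wrong image, and the fourth has no encoded-command flag at all. That is exactly the logic a backend has to emit, e.g. as an `Image="*\\powershell.exe" (CommandLine="*-enc *" OR CommandLine="*-EncodedCommand*") NOT ParentImage="*\\sccm-agent.exe"` search for Splunk, and it is the same AND/OR/NOT structure a correlation directive would need to express.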