SIGMA-Resources

Resources To Learn And Understand SIGMA Rules

SIGMA Specification

• Sigma Specification by SigmaHQ
• Anatomy of a Sigma Rule

Blogs

• Sigma Rule Creation Guide by SigmaHQ
• Introducing Generic Log Sources in Sigma by Thomas Patzkes
• A Guide to Generic Log Sources in Sigma by Thomas Patzkes
• How to Write Sigma Rules
• The Best Possible Monitoring with Sigma Rules
• What is Sigma? Threat Hunting in SIEM Products with Sigma Rules – Example Sigma Rules
• Threat Detection with SIGMA Rules

Cheat Sheets

• Sigma – Detection Expression

Slides

• Sigma - Generic Signatures for SIEM Systems by Florian Roth
• Threat Hunting with Application Logs and Sigma by Thomas Patzke
• Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021 by Florian Roth

Talks / Webinars

• Sigma - Generic Signatures for Log Events by Thomas Patzke
• Security Talks with SOC Prime: Implementing & Customizing SIGMA
• Security Talks with SOC Prime: All About SIGMA
• [SIGMA] 2.1 - Case Study 1 - Windows Event Logs - Background and Sample Rule by Applied Network Defense
• How to Level Up Your Threat Detection Practice by SANS

Courses

• Detection Engineering with Sigma by Applied Network Defense

Books

• Practical Threat Intelligence and Data-Driven Threat Hunting - Chapter 5 Include an Introduction to SIGMA Rules.

Rules Repositories

• SigmaHQ - Rules
• SOC Prime - Rules
• Joe Security - Rules
• Michel de CREVOISIER - Rules
• The DFIR Report - Rules

SIGMA Rules Converters

• UNCODER.IO
• SIGMAC
• SIGMA UI
• sigmaio - sigma in, anything out