-
How to implement and activate Sigma rules on HELK? Can you give me tutorials about implementing Sigma rules on HELK? Thank you
-
at the moment, "sigma plugins" are needed to convert sigma rules to Lucene queries since Gulp is ingesting documents in its own GulpDocument format, which renames most of the source event fields to EC…
-
hi RMML people,
the perfect addition would be a converter script to sigma (https://github.com/SigmaHQ/sigma) because then sigma could create rules for carbon black and many more security tools like…
-
**The rule will detect IAM user console login without MFA.**
title: AWS IAM user login without MFA
id: -
status: stable
description: IAM user login without MFA which will break security as well…
-
https://stackoverflow.com/questions/78876980/threat-detection-with-sysmon-csv-log-using-sigma-rules
-
#### Describe the problem
Every time I restart Elastalert, it overwrites any custom configuration I have in a rule. From what I can tell, the pull-sigma.sh script is re-converting the sigma rules e…
-
When creating a Sigma rule that is intended to be largely (but _not_ always) used with a correlation rule or could be used with multiple different correlation rules, there does not seem to be a good w…
-
**Is your feature request related to a problem? Please describe.**
My problem is that the Sigma rules are global for each of the sketches. In my case I have multiple unrelated timelines. I have a set…
-
**What is the bug?**
When creating a sigma rule with a detection criterion that uses a Map with Modifier=CIDR, you will get this error message: _**"[security_analytics_exception] Invalid IPv4 CIDR ex…
-
## Description
Error when trying to import 3160 entities that are sigma rules
"An unknown error occurred. Please provide a [support package](https://demo.octi.filigran.io/dashboard/settings/suppo…