sigma-rules

There are 3 repositories under sigma-rules topic.

• ion-storm / sysmon-config

  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

  sysmonthreatintelthreat-huntingnetsecsysinternalslogginggrayloggraylog-plugindfirthreat-intelligencethreat-sharingthreat-analysismitre-attackdigitalforensicsforensic-analysisforensicartifactsforensicssiemsigma-ruleshumio
  Language:PowerShell 812

• wagga40 / Zircolite

  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

  auditddetectionevtxevtxtractforensicsforensics-toolspysigmapython3sigmasigma-rulessysmon
  Language:Python 750

• Elemental-attack / Elemental

  Elemental - An ATT&CK Threat Library

  sigma-rulesmitre-attackatomicredteamattack-defenseattack-detectionthreat-intelligence
  Language:HTML 320
• IOK

  phish-report / IOK

  IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics

  phishingphishing-detectionphishing-kitsigma-rules
  Language:Go 189

• krdmnbrk / AttackRuleMap

  Mapping of open-source detection rules and atomic tests.

  atomicredteamdetection-engineeringsigma-rulessplunk
  183

• nasbench / SIGMA-Resources

  Resources To Learn And Understand SIGMA Rules

  sigmarulesdetectiondetection-engineeringsigma-rulesresourceslearningwindowslinuxawesome
  181

• blackberry / threat-research-and-intelligence

  BlackBerry Threat Research & Intelligence

  artificial-intelligenceiocsmachine-learningresearchsigma-rulessuricata-rulesthreatintelligenceyara-rules
  Language:Jupyter Notebook 99

• 3CORESec / S2AN

  S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

  mitre-attacksigmasigma-rulessuricatasuricata-rulesthreat-huntingthreat-modeling
  Language:C# 89

• AttackIQ / SigmAIQ

  A pySigma wrapper and langchain toolkit for automatic rule creation/translation

  detection-engineeringlangchainllmpython3securitysecurity-toolssigmasigma-rules
  Language:Python 86
• ThreatHunting-Keywords-sigma-rules

  mthcht / ThreatHunting-Keywords-sigma-rules

  Sigma detection rules for hunting with the threathunting-keywords project

  blueteamdetection-engineeringdetection-rulessiemsigma-rulesthreat-detectionthreat-huntingthreathuntingdfirforensicartifactsmitre-attack
  Language:Python 56

• u-siem / u-siem-core

  Framework definitions that allow to build a custom SIEM.

  siemsecurityrustsigma-rules
  Language:Rust 28

• sysflow-telemetry / sf-processor

  SysFlow edge processing pipeline

  analyticsfalcofalco-rulespluginsreal-timerulesrules-enginesigmasigma-rulesopen-telemetryotelotel-agent
  Language:Go 17

• marirs / sigma-convert

  Convert Sigma Rules to different formats

  rust-craterust-langsigmasigma-rulessigma-convert
  Language:Rust 12
• sigma2stix

  muchdogesec / sigma2stix

  [ARCHIVED -- USE TXT2DETECTION] A command line tool that converts Sigma Rules into STIX 2.1 Objects.

  sigma-rulesstix2
  Language:Python 12

• RussianPanda95 / Sigma-Rules

  Repository of Sigma Rules

  malware-detectionmalware-researchsigma-rulestechnique-detection
  9

• wikijm / ConvertSigmaRepo2SentinelOnePQ

  Scripts played by GitHub Actions that converts Sigma rules to SentinelOne PowerQuery via PySigma.

  github-actionssentinelonesentinelone-singularitysigmasigma-rules
  Language:Python 9

• dan21san / sigma-tactics-organizer

  Script that organize Sigma rules by MITRE | ATT&CK tactics and techniques.

  mitre-attackorganizersigma-rules
  Language:Python 6

• xFFninja / happy_threat_hunting

  Threat Hunting

  detectionkqlsiemsigma-rulesthreathunting
  6

• mf1d3l / HayabusaToWinEventLog

  Hayabusa to the SIEM made easy

  hayabusaincident-responsesiemthreat-huntingdetection-engineeringsigma-rulesblue-team
  Language:PowerShell 4

• whichbuffer / Threat-Detection-Rules

  Threat Detection Repository - YARA / SIGMA rules

  ctidetectiondetection-engineeringmalwaremalware-analysissigma-rulesyara-rules
  Language:YARA 4

• bradleyjkemp / sigmadoc

  A static site generator for @SigmaHQ rules

  sigmasigma-rules
  Language:JavaScript 3

• j91321 / sigma-playground

  Simple browser playground for Sigma rule format.

  sigmasigma-rulesmonaco-editorpyodidesiemsecurityloggingsysmonelasticsearchsplunk
  Language:Vue 3

• sansan-monkey / hunting-rules

  Threat Hunting Rules - work in progress

  malware-analysissigma-rulesthreat-detectionthreat-huntingyara-rules
  3

• subhranshuchoudhury / sigma-rules-api

  Sigma rules fun API. A restful API which contains most funny sigma rules. Sigma-rule-api made by subhranhsu sekhar choudhury.

  api-restnode-applicationrestful-apisigma-rulesigma-ruleswebapplicationsigma-rules-apisubhranshu-sekhar-choudhurymen-sigma-rules-api
  Language:EJS 3
• sigma-rules

  vVv-Keys / sigma-rules

  WARNING - DO NOT USE IF YOU DON'T KNOW WHAT YOU'RE DOING!

  sigma-rules
  Language:PowerShell 3

• arblade / nyx

  a new network detection format (sigma like but for network)

  network-detectionsigma-rulessnortsuricata
  Language:Python 2
• Palantir-Threat-Detection

  NemesisCyberForce / Palantir-Threat-Detection

  **Palantir Threat Detection: Open SIEM Labs with Sigma Rules** This repository is intended for educational and research purposes only. It is not a 100% protection against Palantir-related activity or any other advanced threats. Security is about reducing risk, not eliminating it.

  minervapalantirpolissiemsigma-rulesthreat-detectionthreat-huntingthreat-intelligenceatlas-nexusbda-analytikvs-datariumcybersecurityredteamredteamingsecurityelastic-securitywazuhdfirosintsplunk
  Language:Python 2

• pop-ecx / sigma_picker.nvim

  Pick and convert to specific backends for sigma rules within neovim

  luaneovimnvimnvim-pluginsigma-rulescybersecurityblueteamcyberdefense
  Language:Lua 2

• AndreSantagati / ETNA

  🌋 ETNA - Enhanced Threat Network Analysis | Sicilian-inspired automated threat hunting platform with MITRE ATT&CK integration

  blue-teamcybersecuritymitre-attacksecurity-automationsicilysigma-rulessocthreat-huntingthreat-intelligence
  Language:Python 1

• colvert-project / colvert

  Manage your detection use cases portfolio

  djangodjango-applicationdjango-projectmanagementmitre-attackpythonpython3socdetection-use-casescolvertcertcsirtcsirt-activitiescsirt-toolingbootstrap5siemsiem-toolsdetection-rulessigmasigma-rules
  Language:Python 1

• ghoshzsh / active-directory-event-detection-handbook

  The Active Directory Event Detection Guide is a comprehensive resource developed to enhance the detection and monitoring of critical Active Directory (AD) events using Splunk. This guide is intended for cybersecurity professionals, system administrators, and incident responders aiming to boost visibility into AD activities and strengthen their orga

  active-directorypowershellsigma-rulessplunkcalderawindows
  1

• GodFWarsion / RansomTrace

  Ransomware Detection and Analysis Framework

  csharpincident-responsemalware-analysisransomwaresigma-rulesyara-rules
  Language:C# 1

• m4pol / hunting-rules-repository

  This repository contains a collection of threat hunting rules.

  threat-huntingthreat-hunting-via-yara-rulesyarasigma-rules
  Language:YARA 1

• picassoendless / healthcare-sigma-rules

  This repository contains Sigma detection rules tailored to protect the healthcare sector from cyber threats such as ransomware, phishing, and insider attacks.

  healthcare-aipowershellsigma-ruleswindowssiemsplunk
  1

• pop-ecx / sigma-ls

  A minimal language server to help in writing sigma rules

  language-server-protocolneovimsigma-ruleslspdetection-engineering
  Language:Python 1

• vincenzocaputo / sigma-lookup

  A Python command-line tool for quickly searching Sigma rules.

  mitre-attacksigma-rulesthreat-hunting
  Language:Python 1