Sigma Rules

Sigma is a universal language for detection rules - write once, run on any SIEM.

What are Sigma Rules?

Sigma is an open standard for writing detection rules that can be converted to various SIEM formats.

Why Should You Care?

Sigma enables portable detections. Rules can be shared across the community and converted to any platform.

Real-World Example

A Sigma rule for detecting Mimikatz is converted to Splunk, Elastic, and Microsoft Sentinel formats.
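The conversion described above, as an added example (not code from this page or from the Sigma project): a constructed rule keyed on Mimikatz command-line module names is rendered as Splunk, Lucene (Elastic) and KQL (Microsoft Sentinel) filter expressions. The `convert` helper, the dict form of the rule and the unchanged pass-through of field names are assumptions of this example; production conversions go through the Sigma project's tooling with backend-specific field mappings.

```python
import re
# Constructed sample: Sigma rules are YAML; the same structure is written as
# a dict here so the example runs without a YAML parser.
RULE = {
    "title": "Mimikatz command-line keywords (constructed sample)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"CommandLine|contains": ["sekurlsa::", "lsadump::"]},
        "condition": "selection",
    },
}

# Sigma value modifier -> wildcard pattern (Splunk, Lucene) or KQL operator.
WILD = {"contains": "*{}*", "startswith": "{}*", "endswith": "*{}", "": "{}"}
KQL_OP = {"contains": "contains", "startswith": "startswith", "endswith": "endswith", "": "=~"}

def _quoted(value):
    """Escape a value for a double-quoted Splunk or KQL string literal."""
    return value.replace("\\", "\\\\").replace('"', '\\"')

def _lucene(value):
    """Backslash-escape Lucene query-string special characters."""
    return re.sub(r'([+\-&|!(){}\[\]^"~*?:\\/ ])', r"\\\1", value)

def _term(backend, field, mod, value):
    if backend == "splunk":
        return f'{field}="{WILD[mod].format(_quoted(value))}"'
    if backend == "lucene":
        return f"{field}:{WILD[mod].format(_lucene(value))}"
    if backend == "kql":
        return f'{field} {KQL_OP[mod]} "{_quoted(value)}"'
    raise ValueError(f"unknown backend: {backend}")

def convert(rule, backend):
    """Render one named selection as a filter expression (hypothetical helper)."""
    det = rule["detection"]
    name = det["condition"]
    if name == "condition" or name not in det:
        raise ValueError("only a single named selection is handled here")
    or_, and_ = (" or ", " and ") if backend == "kql" else (" OR ", " AND ")
    clauses = []
    for key, values in det[name].items():      # fields are ANDed together
        field, _, mod = key.partition("|")
        if mod not in WILD:
            raise ValueError(f"unsupported modifier: {mod}")
        values = values if isinstance(values, list) else [values]
        terms = [_term(backend, field, mod, str(v)) for v in values]  # list = OR
        clauses.append(f"({or_.join(terms)})" if len(terms) > 1 else terms[0])
    return and_.join(clauses)
```

Calling `convert(RULE, "splunk")`, `convert(RULE, "lucene")` and `convert(RULE, "kql")` yields the three filter expressions for the same rule; note that the Lucene output must escape the `::` in the module names while the other two quote it.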

How to Put Sigma Rules to Use

  1. Adopt Sigma for detection rule development

  2. Contribute Sigma rules to the community
