This integration converts Sigma rules into the search format of your SIEM. Sigma is a generic and open signature format that lets you describe relevant log events in a straightforward manner. Standardizing on one signature format lets you:
- Describe your detection method in Sigma so it can be shared within your organization and the wider community
- Write your SIEM searches in Sigma to avoid vendor lock-in: if you need to migrate SIEMs down the road, rules that already exist in Sigma spare you a messy migration
- Share the signature in the appendix of your analysis alongside IOCs and YARA rules
- Share signatures with analysts from other organizations via the Common Community, even where they do not run the same technology stack
- Provide Sigma signatures for malicious behavior in your own application
The following actions are available:
- Convert Rule – Convert a Sigma rule to a desired SIEM output format.
This listing can be found in the Dataminr App Catalog under the name Sigma.
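As an added example of what a Sigma rule looks like and what the Convert Rule step does (illustrative code written for this page, not code from the Dataminr app or from the Sigma project's own converters): a constructed rule for an encoded PowerShell command line is rendered as a Splunk search and then evaluated directly over a few constructed process-creation events. The log-source mapping, the rule, the events and the supported subset of the Sigma specification (mapping-style selections; the equals, contains, startswith and endswith modifiers; and/or/not conditions) are all assumptions of the example.

```python
"""Toy Sigma rule converter and matcher. Added example: not code from the
Dataminr app or the Sigma project, and only an assumed subset of the spec."""
import re
from typing import Any, Callable

# Constructed rule, written as the dict yaml.safe_load() returns for a rule file
# (PyYAML is left out so the block has no dependencies). Field names follow the
# Sigma process_creation log source; the rule itself is made up for this example.
SAMPLE_RULE: dict[str, Any] = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter_system": {"User": "NT AUTHORITY\\SYSTEM"},
        "condition": "selection and not filter_system",
    },
}

# Hypothetical site mapping from a Sigma logsource to where the events live in the
# SIEM; real converters take this from backend and pipeline configuration.
LOGSOURCE_MAP = {("windows", "process_creation"): "index=windows EventCode=1"}

# Constructed events shaped like the fields the rule references.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA", "User": "CORP\\jdoe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand SQBFAFgA", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami", "User": "CORP\\jdoe"},
]

TOKEN = re.compile(r"\(|\)|\band\b|\bor\b|\bnot\b|[A-Za-z_]\w*")
OPERATORS = {"and", "or", "not", "(", ")"}


def split_field(key: str) -> tuple[str, str]:
    """'CommandLine|contains' -> ('CommandLine', 'contains'); a bare key means equals."""
    field, _, modifier = key.partition("|")
    return field, modifier or "equals"


def pattern_for(modifier: str, value: Any) -> str:
    """Expand a Sigma value to the wildcard pattern its modifier implies."""
    v = str(value)
    patterns = {"equals": v, "contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}"}
    if modifier not in patterns:
        raise ValueError(f"unsupported modifier: {modifier}")
    return patterns[modifier]


def compile_condition(condition: str, render: Callable[[str], str]) -> str:
    """Tokenize a Sigma condition and rebuild it token by token via `render`.
    Only identifiers, and/or/not and parentheses are handled; quantifiers such
    as '1 of selection*' raise instead of being silently dropped."""
    tokens = TOKEN.findall(condition)
    if "".join(tokens) != re.sub(r"\s+", "", condition):
        raise ValueError(f"unsupported condition syntax: {condition!r}")
    return " ".join(render(tok) for tok in tokens)


def spl_quote(value: str) -> str:
    """Quote a value for Splunk SPL, escaping backslashes and double quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def selection_to_spl(selection: dict[str, Any]) -> str:
    """Render one mapping-style selection: fields are ANDed, list values ORed."""
    clauses = []
    for key, values in selection.items():
        field, modifier = split_field(key)
        alts = [f"{field}={spl_quote(pattern_for(modifier, v))}"
                for v in (values if isinstance(values, list) else [values])]
        clauses.append(alts[0] if len(alts) == 1 else "(" + " OR ".join(alts) + ")")
    return " AND ".join(clauses)


def to_spl(rule: dict[str, Any]) -> str:
    """Convert a rule to a Splunk search string (the 'Convert Rule' step)."""
    det, ls = rule["detection"], rule["logsource"]
    source = LOGSOURCE_MAP[(ls.get("product"), ls.get("category"))]
    spl_ops = {"and": "AND", "or": "OR", "not": "NOT", "(": "(", ")": ")"}

    def render(tok: str) -> str:
        if tok in spl_ops:
            return spl_ops[tok]
        if tok == "condition" or tok not in det:
            raise KeyError(f"condition references unknown selection {tok!r}")
        return "(" + selection_to_spl(det[tok]) + ")"

    return f"{source} {compile_condition(det['condition'], render)}"


def glob_to_regex(pattern: str) -> re.Pattern:
    """Sigma wildcards: '*' is any run, '?' one char; string matching is case-insensitive."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(f"^{escaped}$", re.IGNORECASE)


def selection_matches(selection: dict[str, Any], event: dict[str, Any]) -> bool:
    """Evaluate one selection against an event with the same semantics as to_spl."""
    for key, values in selection.items():
        field, modifier = split_field(key)
        actual = event.get(field)
        if actual is None:
            return False
        alts = values if isinstance(values, list) else [values]
        if not any(glob_to_regex(pattern_for(modifier, v)).match(str(actual)) for v in alts):
            return False
    return True


def rule_matches(rule: dict[str, Any], event: dict[str, Any]) -> bool:
    """Run the rule's condition directly over an event: how you test a rule
    against sample logs before trusting the converted search."""
    det = rule["detection"]
    expr = compile_condition(
        det["condition"],
        lambda tok: tok if tok in OPERATORS else str(selection_matches(det[tok], event)),
    )
    # After rendering only True/False/and/or/not/parentheses remain, so eval is safe.
    assert set(expr.split()) <= {"True", "False"} | OPERATORS
    return bool(eval(expr, {"__builtins__": {}}, {}))


if __name__ == "__main__":
    print(to_spl(SAMPLE_RULE))
    for ev in SAMPLE_EVENTS:
        print(rule_matches(SAMPLE_RULE, ev), ev["CommandLine"])
```

The point of running one condition walker for both outputs is the check a practitioner wants before shipping a converted rule: evaluate the Sigma rule over a handful of known-good and known-bad events, then run the converted search over the same events in the SIEM and confirm both agree. A backend quirk in escaping, case sensitivity or field naming then shows up as a mismatch instead of a search that silently never fires; the tokenizer raising on unsupported syntax serves the same purpose for conditions the converter cannot express.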