How to create Sigma detection rules/alerts for custom logs (365 Defender)? #14520
Replies: 1 comment
I found a solution; it's solved.
Under Sigma rules there is no "Logsource - Product" category available for 365 Defender logs.
These 365 Defender logs are not available under the "Logsource - Product -> Windows OR m365" category.
How can I create custom Sigma rules using these logs? I don't know how to define the product and service fields in a Sigma rule:
--- sigma rule ---
logsource:
  product: ???
  service: ???