Sigma is a generic signature format for SIEM systems written by Florian Roth (@Neo23x0) and Thomas Patzke. This repository provides a spreadsheet containing conversions of Sigma rules into the query languages of various SIEM vendors.

akky2892/Sigma-to

Sigma-to

The Sigma-to project converts Sigma rules into the query formats that we use in an enterprise environment.

Sigma is a generic signature format for SIEM systems written by Florian Roth (@Neo23x0) and Thomas Patzke. All the Sigma rules are available at: https://github.com/Neo23x0/sigma

Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. Sigma is for log files what Snort is for network traffic and YARA is for files.

This repository contains an organized and simplified spreadsheet holding all the Sigma rules and their conversion (translation) into the query languages of various SIEM vendors. Splunk, QRadar, ArcSight and Elasticsearch are included. Each sheet contains search queries compatible with the respective SIEM:

  • SIGMA-to-SPLUNK
  • SIGMA-to-QRADAR
  • SIGMA-to-ARCSIGHT
  • SIGMA-to-ELASTICSEARCH

No scripting and no conversion process are needed; it is a ready-to-use spreadsheet. Refer directly to the search queries for threat hunting in your environment. One caveat: a converted query is only as portable as its field names. Every Sigma conversion is done against a field-mapping configuration (for example, Sysmon or Windows event fields mapped to the names your Splunk add-on or Elasticsearch index uses), so check that the field names and the index or sourcetype in each query match your own log sources before relying on it, and keep in mind that the upstream rule set changes over time while the spreadsheet is a snapshot.
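To make the conversion step concrete, here is an added example (not the repository's spreadsheet and not the sigmac tool) that renders the detection block of a Sigma rule as a Splunk search and as an Elasticsearch query_string query. The rule is a constructed sample, shown already parsed from YAML, and the field mappings in FIELD_MAPS are hypothetical; in real use they come from the backend configuration that matches your log pipeline. The converter handles the common subset of the format: named selections of field/value or field/list-of-values pairs, the endswith/startswith/contains modifiers, and a condition combining selections with and, or, not and parentheses.

```python
import re

FIELD_MAPS = {  # assumed, hypothetical mappings; real ones come from the sigmac/pySigma backend config
    "splunk": {"Image": "process_path", "ParentImage": "parent_process_path", "User": "user"},
    "elasticsearch": {"Image": "process.executable", "ParentImage": "process.parent.executable",
                      "User": "user.name"}}

RULE = {  # constructed sample rule, shown already parsed (yaml.safe_load of the file gives this)
    "detection": {
        "selection": {"Image|endswith": "\\whoami.exe",
                      "ParentImage|endswith": ["\\cmd.exe", "\\powershell.exe"]},
        "filter": {"User": "NT AUTHORITY\\SYSTEM"},
        "condition": "selection and not filter"}}

_LUCENE_SPECIALS = set('+-=&|><!(){}[]^"~*?:\\/ ')
_WILDCARDS = {"endswith": ("*", ""), "startswith": ("", "*"), "contains": ("*", "*")}


def _render_value(value, modifier: str, backend: str) -> str:
    """Escape one value for the backend, then apply the Sigma modifier as wildcards."""
    text = str(value)
    if backend == "splunk":  # double-quoted SPL string: escape backslash and quote
        text = text.replace("\\", "\\\\").replace('"', '\\"')
    else:  # Lucene query_string: backslash-escape reserved characters and spaces
        text = "".join("\\" + c if c in _LUCENE_SPECIALS else c for c in text)
    prefix, suffix = _WILDCARDS.get(modifier, ("", ""))
    quote = '"' if backend == "splunk" else ""
    return f"{quote}{prefix}{text}{suffix}{quote}"


def _render_selection(selection: dict, backend: str) -> str:
    """A selection is an AND over its fields; a list value is an OR of alternatives."""
    sep = "=" if backend == "splunk" else ":"
    clauses = []
    for spec, value in selection.items():
        field, _, modifier = spec.partition("|")
        mapped = FIELD_MAPS[backend].get(field, field)  # unmapped fields pass through
        values = value if isinstance(value, list) else [value]
        alts = [f"{mapped}{sep}{_render_value(v, modifier, backend)}" for v in values]
        clauses.append(alts[0] if len(alts) == 1 else "(" + " OR ".join(alts) + ")")
    return clauses[0] if len(clauses) == 1 else "(" + " AND ".join(clauses) + ")"


class _ConditionParser:  # recursive descent over `a and not (b or c)`-style conditions
    def __init__(self, condition: str, rendered: dict) -> None:
        self.tokens = re.findall(r"\(|\)|[^\s()]+", condition)
        self.rendered, self.pos = rendered, 0

    def _peek(self) -> str:
        return self.tokens[self.pos] if self.pos < len(self.tokens) else ""

    def _next(self) -> str:
        tok = self._peek()
        self.pos += 1
        return tok

    def parse(self) -> str:
        expr = self._or()
        if self.pos != len(self.tokens):
            raise ValueError(f"unexpected token {self._peek()!r} in condition")
        return expr

    def _join(self, keyword: str, operand, label: str) -> str:
        parts = [operand()]
        while self._peek() == keyword:
            self._next()
            parts.append(operand())
        return parts[0] if len(parts) == 1 else "(" + f" {label} ".join(parts) + ")"

    def _or(self) -> str:  # `or` binds weaker than `and`, which binds weaker than `not`
        return self._join("or", lambda: self._join("and", self._not, "AND"), "OR")

    def _not(self) -> str:
        if self._peek() == "not":
            self._next()
            return "NOT " + self._not()
        tok = self._next()
        if tok == "(":
            expr = self._or()
            if self._next() != ")":
                raise ValueError("missing closing parenthesis in condition")
            return expr
        if tok not in self.rendered:
            raise ValueError(f"condition references unknown selection {tok!r}")
        return self.rendered[tok]


def convert(rule: dict, backend: str) -> str:
    """Render the rule's detection block as a query string for `backend`."""
    detection = rule["detection"]
    rendered = {name: _render_selection(sel, backend)
                for name, sel in detection.items() if name != "condition"}
    return _ConditionParser(detection["condition"], rendered).parse()


if __name__ == "__main__":
    for backend in FIELD_MAPS:
        print(f"{backend}: {convert(RULE, backend)}")
```

Running it prints one query per backend; the only difference between the two outputs, apart from quoting and escaping rules, is the field names substituted from FIELD_MAPS. That is exactly the part of a pre-converted query that can silently miss events in a different environment, so when you paste a query from the spreadsheet, compare its field names and the implicit index or sourcetype against what your own Sysmon or audit pipeline actually emits.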

The spreadsheet is also available online via Google Sheets: https://docs.google.com/spreadsheets/d/1mY6BGYZgwPH3UiVAdxU4Hraa9n1gFLXSMcR_5mhs0GE/edit?usp=sharing
