Sigma Alternatives

sigma reviews and mentions

• Sigma rules in real life
  1 project | /r/cybersecurity | 14 Oct 2023

  Sigma rules https://github.com/SigmaHQ/sigma its value, I get it. Here’s a post https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/

• Looking for feedback on a security-related project idea
  2 projects | /r/AskNetsec | 5 Jul 2023

  Idea: A free and open-source web repository of Sigma detections where users can find, contribute, and suggest edits to detections. All user contributions will go through a StackExchange-style moderation queue. Built-in conversion from Sigma to the query language of your choice.

• SOC SIEM Use Cases for First Internship
  1 project | /r/cybersecurity | 10 Jun 2023

  If you want more ideas/inspiration, or even just a starting point for baseline rule logic check out https://github.com/SigmaHQ/sigma https://github.com/SigmaHQ/sigma and look into the different rules folders there.

• How do you actually threat hunt?
  3 projects | /r/cybersecurity | 30 May 2023

  Agreed in general. But with stuff like SIGMA, I'd lean towards stuff should going into git. Better version control, your docs can be markdown and live right next to your threat library, you can strap on CI/CD (so you can deploy/run stuff as part of a pipeline). Confluence is a great start, but it doesn't scale well.

• Open Source SIEM Tools
  1 project | /r/HackProtectSlo | 4 May 2023
• Detection Engineering Source Websites
  1 project | /r/cybersecurity | 26 Apr 2023

  Have a look a sigma rules: https://github.com/SigmaHQ/sigma

• Scheduling query to look for whenever net group is ran.
  1 project | /r/sophos | 20 Apr 2023
• Scheduling querying that looks for anytime net group is ran.
  1 project | /r/sophos | 20 Apr 2023
• 3CX Customers suffering intrusions
  1 project | /r/blueteamsec | 29 Mar 2023

  Sigma: https://github.com/SigmaHQ/sigma/pull/4151/files Yara: https://github.com/Neo23x0/signature-base/blob/master/yara/gen\_mal\_3cx\_compromise\_mar23.yar source: https://twitter.com/cyb3rops/status/1641130326830333984?s=20

• Any Suggestions On Creating A Detection Rule In Defender For CVE-2023-23397
  1 project | /r/DefenderATP | 20 Mar 2023

  I created a Defender Advanced Hunting query based of the Sigma rule https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml

• A note from our sponsor - SaaSHub
  www.saashub.com | 10 Jul 2025

  SaaSHub helps you find the best software and product alternatives Learn more →