# Sigma Rules

A generic, YAML-based signature format for log events; a rule is written once and then converted into the query language of the target system, such as Splunk, Kibana, YARA etc.
* [SigmaHQ's repo](https://github.com/SigmaHQ/sigma.git)


## Fields

A minimal rule should contain at least the following fields:
* title
* id
* status
* description
* logsource
* detection

Optional fields include:
* falsepositives
* level
* tags

## Transform Modifiers

A value in a detection selection can be refined by appending a pipe `|` and a modifier to the field name, e.g. `CommandLine|contains`. The modifiers are `contains`, `endswith`, `startswith` and `all`; they can be chained (`CommandLine|contains|all`), and `all` changes the meaning of a list of values from "any value matches" (OR) to "every value matches" (AND).
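As an added illustration (not code from this page or from SigmaHQ), a small Python matcher that checks a rule for the minimal fields listed above and evaluates a selection using the `contains`, `startswith`, `endswith` and `all` modifiers; the rule, its placeholder UUID and the events are constructed, and the rule is a dict mirroring the YAML layout so no YAML parser is needed.

```python
REQUIRED = ("title", "id", "status", "description", "logsource", "detection")

# Constructed rule as a dict mirroring the YAML layout (parsing YAML would need PyYAML).
RULE = {
    "title": "Encoded PowerShell command line",
    "id": "00000000-0000-4000-8000-000000000001",  # placeholder UUID
    "status": "experimental",
    "description": "powershell.exe started with an encoded, no-profile command line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains|all": ["-enc", "-nop"],  # both substrings required
        },
        "condition": "selection",
    },
    "falsepositives": ["Administrative scripts"],
    "level": "medium",
}

def missing_fields(rule):
    """Required fields the rule lacks; an empty tuple means it is minimal-complete."""
    return tuple(f for f in REQUIRED if f not in rule)

def _value_matches(actual, expected, mods):
    a, e = str(actual).lower(), str(expected).lower()  # Sigma compares case-insensitively
    if "contains" in mods:
        return e in a
    if "startswith" in mods:
        return a.startswith(e)
    if "endswith" in mods:
        return a.endswith(e)
    return a == e

def field_matches(event, key, expected):
    """Evaluate one 'Field|modifier|...' entry: list values OR by default, AND with |all."""
    field, *mods = key.split("|")
    if field not in event:
        return False
    hits = [_value_matches(event[field], v, mods)
            for v in (expected if isinstance(expected, list) else [expected])]
    return all(hits) if "all" in mods else any(hits)

def matches(rule, event):
    """Apply the rule to one event; only a bare 'condition: <selection name>' is handled."""
    det = rule["detection"]
    return all(field_matches(event, k, v) for k, v in det[det["condition"]].items())

EVENTS = [  # constructed process-creation events; only the first should match
    {"Image": "C:\\Windows\\System32\\powershell.exe", "CommandLine": "powershell.exe -NoP -Enc SQBFAFgA"},
    {"Image": "C:\\Tools\\powershell.exe", "CommandLine": "powershell.exe -enc SQBFAFgA"},
]
```

Running `[matches(RULE, e) for e in EVENTS]` gives `[True, False]`: the second event carries `-enc` but not `-nop`, so the `|all` modifier rejects it.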

## Tools

* [sigma-cli](https://github.com/SigmaHQ/sigma-cli)
* [pySigma](https://github.com/SigmaHQ/pySigma)
* [Uncoder.io](https://uncoder.io/)