Sigma Rules
A generic, backend-independent YAML rule format for describing log-based detections; a rule is written once and converted into queries for multiple targets such as Splunk or Kibana (Sigma is to log events what YARA is to files).
Fields
A minimal rule should contain at least the following fields:
- title
- id
- status
- description
- logsource
- detection
Optional fields include:
- falsepositives
- level
- tags
Transform Modifiers
A detection selection can be refined by appending a pipe | to a field name, followed by a modifier: contains, endswith, startswith, or all. Values given as a list are ORed by default; the all modifier (for example CommandLine|contains|all) requires every listed value to match.
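To make the field set and modifier semantics concrete, here is a small added example (not part of the original notes and not the Sigma project's own code): a minimal rule written as a Python dict that mirrors the YAML layout, plus a tiny evaluator that applies the contains, startswith, endswith and all modifiers to constructed process-creation events. The rule, its placeholder id, the event field names and the log lines are all constructed for illustration; the evaluator only supports conditions of the form "a and not b", not the full Sigma condition grammar.

```python
"""Minimal Sigma-style selection evaluator (constructed teaching example)."""
from typing import Any, Dict, List

# Constructed rule with the minimal field set (title, id, status, description,
# logsource, detection) plus the optional falsepositives and level fields.
# The id is a placeholder, not a real Sigma rule UUID.
RULE = {
    "title": "PowerShell Web Download Helper Usage (constructed example)",
    "id": "00000000-0000-0000-0000-000000000000",
    "status": "experimental",
    "description": "Detects PowerShell invoking a .NET web download helper",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            # 'all' turns the list from OR into AND: both substrings required
            "CommandLine|contains|all": ["Net.WebClient", "DownloadString"],
        },
        "filter": {
            "ParentImage|startswith": "C:\\Program Files\\Approved Tool\\",
        },
        "condition": "selection and not filter",
    },
    "falsepositives": ["Administrative scripts using approved download helpers"],
    "level": "high",
}

# Constructed process_creation events (assumed field names Image,
# CommandLine, ParentImage; the command lines are synthetic samples).
EVENTS: List[Dict[str, str]] = [
    {   # downloads via WebClient from an ordinary parent -> should alert
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell -c \"(New-Object Net.WebClient).DownloadString('http://example.test/a')\"",
        "ParentImage": "C:\\Windows\\explorer.exe",
    },
    {   # identical command but launched by the approved tool -> filtered out
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell -c \"(New-Object Net.WebClient).DownloadString('http://example.test/a')\"",
        "ParentImage": "C:\\Program Files\\Approved Tool\\launcher.exe",
    },
    {   # benign PowerShell: neither 'all' substring present -> no alert
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell -c Get-Process",
        "ParentImage": "C:\\Windows\\explorer.exe",
    },
]


def _match_value(actual: str, expected: str, modifiers: List[str]) -> bool:
    """Apply a single string modifier; Sigma matching is case-insensitive."""
    a, e = actual.lower(), expected.lower()
    if "contains" in modifiers:
        return e in a
    if "startswith" in modifiers:
        return a.startswith(e)
    if "endswith" in modifiers:
        return a.endswith(e)
    return a == e  # no modifier: exact (case-insensitive) match


def match_field(key: str, expected: Any, event: Dict[str, Any]) -> bool:
    """Evaluate one 'field|modifier|...' entry against an event."""
    field, *modifiers = key.split("|")
    if field not in event:
        return False
    actual = str(event[field])
    values = expected if isinstance(expected, list) else [expected]
    results = [_match_value(actual, str(v), modifiers) for v in values]
    # a list of values is ORed unless the 'all' modifier is present
    return all(results) if "all" in modifiers else any(results)


def match_selection(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """All fields inside one selection must match (logical AND)."""
    return all(match_field(k, v, event) for k, v in selection.items())


def evaluate(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Evaluate a condition of the form 'a and b and not c' (subset of Sigma)."""
    det = rule["detection"]
    hits = {name: match_selection(sel, event)
            for name, sel in det.items() if name != "condition"}
    verdict = True
    for term in det["condition"].split(" and "):
        term = term.strip()
        negate = term.startswith("not ")
        name = term[4:].strip() if negate else term
        verdict = verdict and (not hits[name] if negate else hits[name])
    return verdict


def run(rule: Dict[str, Any] = RULE, events: List[Dict[str, str]] = EVENTS) -> List[bool]:
    """Return one verdict per event."""
    return [evaluate(rule, e) for e in events]


if __name__ == "__main__":
    for event, hit in zip(EVENTS, run()):
        print("ALERT" if hit else "ok   ", event["CommandLine"])
```

The filter selection shows why a rule lists falsepositives: the same command line is tolerated under the approved parent process but alerts elsewhere, and the all modifier keeps a single matching substring from firing the rule.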