sigma
Log event descriptor
A standardized format for describing log events to facilitate detection and analysis of security threats
Main Sigma Rule Repository
8k stars
346 watching
2k forks
Language: Python
last commit: about 1 month ago
Linked from 7 awesome lists
Topics: elasticsearch, ids, logging, monitoring, security, siem, signatures, splunk, sysmon
Related projects:
| Repository | Description | Stars |
|---|---|---|
| wagga40/zircolite | A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules | 684 |
| securityriskadvisors/talr | A repository for collecting and sharing SIEM rules in STIX format for automated translation to Sigma syntax | 90 |
| threathunters-io/laurel | Converts Linux audit logs into standardized JSON format for enhanced security monitoring | 722 |
| dunnock/react-sigma | A lightweight React library for drawing network graphs on web pages | 261 |
| yamato-security/enablewindowslogsettings | Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods | 571 |
| muchdogesec/sigma2stix | Converts Sigma Rules into STIX 2.1 objects | 7 |
| confluentinc/confluent-sigma | A tool for analyzing and visualizing log events using structured rules | 53 |
| nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity | 1,492 |
| retracedhq/retraced | Provides a searchable, exportable record of read/write events | 365 |
| santiyounger/cobra | A customizable theme for Logseq note-taking software | 51 |
| karimhabush/cyberowl | Provides daily summaries of frequently reported security advisories from various sources | 249 |
| thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 241 |
| jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations | 419 |
| brexhq/substation | A toolkit for routing, normalizing, and enriching security event logs across the cloud | 332 |
| dogoncouch/logesp | A security-focused application built with Python Django to manage and analyze log data from various sources | 198 |