sigma
Log event descriptor
A standardized format for describing log events to facilitate detection and analysis of security threats
Main Sigma Rule Repository
8k stars
345 watching
2k forks
Language: Python
last commit: 6 days ago
Linked from 7 awesome lists
elasticsearchidsloggingmonitoringsecuritysiemsignaturessplunksysmon
meirwah/awesome-incident-response
fabacab/awesome-cybersecurity-blueteam
0x4d31/awesome-threat-detection
infosecb/awesome-detection-engineering
jatrost/awesome-kubernetes-threat-detection
karneades/awesome-malware-persistence
spacial/awesome-systoolsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 wagga40/zircolite | A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules | 680 |
 securityriskadvisors/talr | A repository for collecting and sharing SIEM rules in STIX format for automated translation to Sigma syntax | 89 |
 threathunters-io/laurel | Transforms Linux audit logs into standardized, human-readable format for security monitoring | 711 |
 dunnock/react-sigma | A lightweight React library for drawing network graphs on web pages | 261 |
 yamato-security/enablewindowslogsettings | Enables Windows event log settings to support a larger percentage of Sigma detection rules and retain logs for longer periods | 556 |
 muchdogesec/sigma2stix | Converts Sigma Rules into STIX 2.1 Objects | 3 |
 confluentinc/confluent-sigma | A tool for analyzing and visualizing log events using structured rules | 52 |
 nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,488 |
 retracedhq/retraced | Provides a searchable, exportable record of read/write events | 358 |
 santiyounger/cobra | A customizable theme for Logseq note-taking software | 51 |
 karimhabush/cyberowl | Provides daily summaries of frequently reported security advisories from various sources | 248 |
 thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 240 |
 jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 417 |
 brexhq/substation | A toolkit for routing, normalizing, and enriching security event logs across the cloud | 329 |
 dogoncouch/logesp | A security-focused application built with Python Django to manage and analyze log data from various sources. | 197 |