Welcome to the Sigma main rule repository, the place where detection engineers, threat hunters and all defensive security practitioners collaborate on detection rules. The repository offers more than 3000 detection rules of different types and aims to make reliable detections accessible to all at no cost.
Currently the repository offers three types of rules:
Generic Detection Rules - Are threat agnostic; their aim is to detect a behavior or an implementation of a technique or procedure that was, can, or will be used by a potential threat actor.
Threat Hunting Rules - Are broader in scope and are meant to give the analyst a starting point to hunt for potentially suspicious or malicious activity.
Emerging Threat Rules - Are rules that cover specific threats that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of zero-day vulnerabilities, specific malware used during an attack, etc.
Compliance Rules - Are rules that help you identify compliance violations based on well-known security frameworks such as CIS Controls, NIST, ISO 27001, etc.