I'm searching for prebuilt rules for Elastic SIEM. I found that I can use Elastic-provided rules:
But I would like to know if there is any other source to get prebuilt rules for Elastic SIEM, for example rules for FortiGate, Sophos firewalls and other network devices.
Thanks in advance.
Tarek, I'm not aware of any third-party provider of rules for our detection engine and we encourage community and industry members to contribute to the detection-rules repository. This project is open to the community, which enables anyone to submit rules. If you've developed rules for network appliances, consider a pull request using our accessible process. Each release, I consider community feedback like yours to help address needs of members - we don't have plans to integrate Fortigate or Sophos data sources in a near-term release.
Here you can find prebuilt rules based on SIGMA