SIgma rules for Elastic SIEM

kmz161 · March 26, 2021, 8:42am

Hello!

I need to use Sigma rules repo for my SIEM.
How I can translate sigma to elastic? And how I can perform auto update sigma rules?

dplumlee · March 26, 2021, 8:26pm

Hi @kmz161

We don't currently offer native support for rule converting like that, but there are some 3rd party tools such as 3CoreSec that would be exactly what you're looking for

austinsonger · March 28, 2021, 5:24pm

You can start here

kmz161 · March 29, 2021, 7:39am

Hello!

Thanks for answer!

Felix_Roessel · April 3, 2021, 4:42am

I've added a first set of Sigma rules here.. more to follow:

system · May 1, 2021, 4:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SIEM prebuilt rules SIEM	3	709	June 30, 2021
SIEM rules advice Elastic Security	5	399	December 31, 2021
Upgrading/Updating SIEM rules SIEM	3	544	March 24, 2022
Import rules from public detection rules repo SIEM	3	1656	September 15, 2020
Update detection rules from elastic github repository to on-premises SIEM	3	669	September 1, 2020

SIgma rules for Elastic SIEM

Related topics