I collect raw logs from sysmon to the stream “sysmon-logs”
Now I found the project Sigma (Generic Signature Format for SIEM Systems)
Graylog has support (convert generic Sigma rules into Graylog search queries)
What is the best way to load sigma rules for sysmon into the Graylog?
Create for example new stream “sigma-alert”.