Graylog and Sigma rules


#1

Hi!
I collect raw logs from sysmon to the stream “sysmon-logs”
like here
https://www.graylog.org/post/back-to-basics-enhance-windows-security-with-sysmon-and-graylog

Now I found the project Sigma (Generic Signature Format for SIEM Systems)

Graylog has support (convert generic Sigma rules into Graylog search queries)

What is the best way to load sigma rules for sysmon into the Graylog?
Create for example new stream “sigma-alert”.


(Jan Doberstein) #2

Sigma rules generate a search query to be used in Graylog.

You would just use the created searches on your already given data and might save them as ‘saved searches’


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.