Graylog and Sigma rules

Dfg · June 2, 2018, 5:46pm

Now I found the project Sigma (Generic Signature Format for SIEM Systems)

Graylog has support (convert generic Sigma rules into Graylog search queries)

What is the best way to load sigma rules for sysmon into the Graylog?
Create for example new stream “sigma-alert”.

jan · June 5, 2018, 6:51am

Sigma rules generate a search query to be used in Graylog.

You would just use the created searches on your already given data and might save them as ‘saved searches’

system · June 19, 2018, 6:51am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Special Challenge: How to use #sigma rules Graylog Tech Challenges	4	1395	October 22, 2021
Sigma and Graylog Graylog Add-ons sidecar , winlogbeat	4	2257	June 26, 2019
Graylog, sysmon and pipeline rules found on this forum (still applies ? ) Graylog Central (peer support) pipeline-rules , sidecar , winlogbeat	3	899	January 18, 2022
Sysmon Script not pulling in logs Graylog Central (peer support) pipeline-rules , sidecar , winlogbeat	2	1842	June 26, 2019
Graylog + nxlog + sysmon Graylog Central (peer support) pipeline-rules , sidecar , winlogbeat	7	2113	June 4, 2019