Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Sigma - Generic Signatures for Log Events

Cooper via YouTube

Overview

Explore a comprehensive conference talk on Sigma, a generic signature format for log events, presented by Thomas Patzke at Hack.lu 2017. Discover how Sigma addresses the lack of standardization in log signatures, enabling efficient sharing and distribution across heterogeneous environments. Learn about the YAML-based format, open repository of signatures, and the extensible conversion tool that transforms Sigma signatures into various query languages. Gain insights into use cases, rule examples for threat detection, challenges in rule conversion, and the project's development community. Understand the potential impact of Sigma on threat hunting, incident analysis, and SIEM system interoperability. Delve into specific examples of rules for detecting Mimikatz, WCE, webshell reconnaissance, and suspicious login attempts. Explore the current state of the project and future plans for enhancing log-based threat detection and analysis.

Syllabus

Intro
Log Monitoring
Problems!
It's open source!
Rule Format
Rule Example: Mimikatz Detection
WCE Detection
Rule Example: Webshell Reconnaissance Activity
Rule Example: Relevant AV Events
Rule Example: Suspicious Login Attempts
Example: Django Exceptions
Challenges in Rule Conversion
Sigma Converter Configurations
Conversion Process
Backend Implementation: Splunk
Contributors and Community
Current State and Future Work
Questions?

Taught by

Cooper

Reviews

Start your review of Sigma - Generic Signatures for Log Events

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.