❄️ Winter break is the perfect time to brush up on your Sigma rules! ❄️ With Sigma Specification 2.0 rules, #security teams can create vendor-agnostic detections without being limited by proprietary log formats. 🙌

So, security teams now have:
✅ New fields and modifiers that improve how security teams use the rules
✅ Correlation specifications to extend rules to more sophisticated detections
✅ Filters that reduce false positives
✅ #JSON schema to allow automation

Learn more about the key changes in Sigma v.2.0 and supporting Sigma v2.0 mapped to MITRE ATT&CK framework.

https://graylog.org/post/sigma-specification-2-0-what-you-need-to-know/ #SigmaRules #CyberSecurity #SIEM #InfoSec

Sigma rule 😎🔥~ Understand the power of consistency.

#motivationalquotes #motivationalshorts #motivational #sigma #billionairelifestyle #sigmarules #sigmamale #lifelessons #valuablelessons #successmotivation #Quotes #ShareInspireQuotes

At #SIGMA project was split into two different projects a while back also accompanying a complete code rewrite-> the 2 projects are now #SIGMA and separately the #SIGMARULES

#hacklu2024

I have finally finished up the Sigma Room on TryHackMe. Super cool room that help me understand different IOCs (indicators of compromise). With it I have the write-up. Head over to my personal site or Medium to check it out:

#TryHackMe #SigmaRules #Sigma #SOCLevelTwoPath

https://haircutfish.com/posts/Sigma/

https://medium.com/@haircutfish/tryhackme-room-sigma-d70f9c606f93

Introducing Sigma Specification v2.0: https://blog.sigmahq.io/introducing-sigma-specification-v2-0-25f81a926ff0

#SigmaRules #detectionengineering

Threat Stack is where I started my security journey and I got into detection engineering there as well.

In light of the End-Of-Life announcement last year I decided to spearhead a project to open source our detection rules in the Sigma format and I'm proud to say that the project is complete! ​

https://github.com/F5Networks/aip-to-sigma

I've been a huge fan of Sigma ever since I learned about it and my hope is that these rules will be of use to both customers and the detection community as whole...even if there is some overlap with the main Sigma repo 😅​

#SigmaRules #Sigma #DetectionEngineering #ThreatDetection #Infosec #OpenSource

#Redfly #cyberespionage group continuously targets Asia's critical infrastructure sector with #ShadowPad #malware. Detect associated malicious activity with a set of #SigmaRules in the SOC Prime Platform.

https://socprime.com/blog/shadowpad-trojan-detection-redfly-hackers-apply-a-nefarious-rat-to-hit-national-power-grid-organization-in-asia/

#DFIR #threathunting #cyberattack #BlueTeam #threatdetection #infosec #APT

Check out our new blog series explaining frequent mistakes made while writing #SigmaRules.

The kickoff writeup from our #ThreatHunting Lead
@acalarch covers unintentional escaped wildcards.
Stay tuned!
https://socprime.com/blog/frequent-sigma-mistakes-series/ #BlueTeam #DetectionEngineering #SOC #Sigma

#UAC0057 sets eyes on Ukraine exploiting #WinRAR #zeroday #vulnerability (СVE-2023-38831) to spread #PicassoLoader and #CobaltStrike Beacon, as #CERTUA reports. Proactively detect #cyberattacks with #SigmaRules from SOC Prime Platform.

https://socprime.com/blog/cve-2023-38831-detection-uac-0057-group-exploits-a-winrar-zero-day-to-spread-a-picassoloader-variant-and-cobaltstrike-beacon-via-rabbit-algorithm/ #CVE #malware