In this post I will take a look at creating basic YARA-L for Google Chronicle (and show a manual conversion of a Sigma rule to YARA-L format).
Blog
The Signals Corps blog
-
Sigma Rules 104: Writing Detections in YARA-L for Google Chronicle
Tutorials Sigma February 07, 2022
-
Sigma Rules 103: Writing Detections (Conditions)
Tutorials Sigma January 24, 2022
In this post I will dive into how to define conditions to create complex detection criteria for Sigma Rules.
-
Sigma Rules 102: Writing Detections (Search Identifiers)
Tutorials Sigma January 10, 2022
In this post I will dive into the details of Sigma detection logic and how to start writing more advanced rules.
-
Sigma Rules 101: Metadata and Logsources
Tutorials Sigma December 27, 2021
In this post I will introduce the structure of Sigma Rules and how to write attributes to support detection content
-
TAXII 2.1 105: TAXII Clients
Tutorials Taxii November 29, 2021
In this post I will show you a quick start guide to using Oasis’s open-source TAXII Client, cti-taxii-client.
-
TAXII 2.1 104: Medallion TAXII Server
Tutorials Taxii November 15, 2021
In this post I will show an open-source TAXII Server allowing you to quickly get up and running to share intelligence.
-
TAXII 2.1 103: Updating Objects in Collections
Tutorials Taxii November 01, 2021
In this post I will show intelligence producers how to add and remove STIX 2.1 Objects using a TAXII Server API.
-
TAXII 2.1 102: Consuming Objects in Collections
Tutorials Taxii October 18, 2021
In this post I will walk through how TAXII Clients logically consume cyber threat intelligence from Collections using a TAXII 2.1 API.
-
TAXII 2.1 101: TAXII Concepts
Tutorials Taxii October 04, 2021
In this post I will give you an introduction of TAXII 2.1 concepts to prepare you for the following posts in the tutorial series.
-
STIX 2.1 108: Storing Objects in a Graph Database
Stix September 06, 2021
In this post I will show you how Signals Corps products use ArangoDB to store STIX 2.1 Objects.