Blog
The Signals Corps blog
-
MITRE ATT&CK 102: STIX 2.1 Customisation
In this post I review all the Custom STIX 2.1 Objects and Properties used by ATT&CK.
-
MITRE ATT&CK 101: Data Structure
In this post I take a look at how the framework is structured on STIX 2.1 Objects.
-
Sigma Rules 109: Translation to STIX Objects
Sigma Tutorials April 18, 2022
In this post I will explain why you might want to turn Sigma Rules into STIX Objects and show an example of how it could be done.
-
Sigma Rules 107: Sigmac
Tutorials Sigma March 21, 2022
In this post I will show you how to use Sigmac to automatically transform your Sigma Rules into other target query languages.
-
Sigma Rules 106: Writing Splunk detections in SPL
Tutorials Sigma March 07, 2022
In this post I will take a look at creating basic SPL searches for Splunk (and show a manual conversion of a Sigma rule to a Splunk Detection).
-
Sigma Rules 105: Writing Detections in Kusto for Microsoft Sentinel
Tutorials Sigma February 21, 2022
In this post I will take a look at creating basic Kusto rules for Microsoft Sentinel (and show a manual conversion of a Sigma rule to a Kusto rule).
-
Sigma Rules 104: Writing Detections in YARA-L for Google Chronicle
Tutorials Sigma February 07, 2022
In this post I will take a look at creating basic YARA-L for Google Chronicle (and show a manual conversion of a Sigma rule to YARA-L format).
-
Sigma Rules 103: Writing Detections (Conditions)
Tutorials Sigma January 24, 2022
In this post I will dive into how to define conditions to create complex detection criteria for Sigma Rules.
-
Sigma Rules 102: Writing Detections (Search Identifiers)
Tutorials Sigma January 10, 2022
In this post I will dive into the details of Sigma detection logic and how to start writing more advanced rules.
-
Sigma Rules 101: Metadata and Logsources
Tutorials Sigma December 27, 2021
In this post I will introduce the structure of Sigma Rules and how to write attributes to support detection content.