SIEM Rules
The latest SIEM Rules content
-
MITRE ATT&CK - things you might have missed...
Siem-rules April 11, 2022
Going below the surface of the ATT&CK matrix.
-
How to write detection and hunting queries using Kusto in Microsoft Sentinel (Part 2)
Siem-rules March 28, 2022
Last week's post introduced the basics of Sentinel Detection and Hunting rules.
-
How to write detection rules using Kusto in Microsoft Sentinel (Part 1)
Siem-rules March 14, 2022
I see more and more people we work with starting to use Microsoft Sentinel.
-
A STIX 2.1 Indicator Object Pattern Matching Game
Siem-rules February 28, 2022
Put the skills you learned about STIX 2.1 Patterning in last week's post to the test.
-
An Introductory Look at STIX 2.1 Indicator Object Patterns (Part 1)
Siem-rules February 14, 2022
Deconstructing STIX Patterns to write effective detection rules.
-
What is the difference between a STIX Domain and STIX Cyber-Observable Object?
Siem-rules January 31, 2022
STIX 2.1 is a schema that defines a taxonomy of cyber threat intelligence, represented by different Object types.
-
How to write detection rules in YARA-L for Google Chronicle
Siem-rules January 17, 2022
At the end of last year I ran a series of posts describing the syntax of Sigma rules (used for threat detection).
-
Sigma Rules 101: Converting to Other Rule Formats (Part 4)
Siem-rules December 06, 2021
Translating for your SIEM.
-
Sigma Rules 101: Writing the Detection (Part 3)
Siem-rules November 29, 2021
How to define what to look for.
-
Sigma Rules 101: Defining the Logsource (Part 2)
Siem-rules November 22, 2021
Now to set where to search.
-
Sigma Rules 101: Introducing the YAML Syntax (Part 1)
Siem-rules November 15, 2021
Let’s start with the basics.