Cross Platform Threat Hunting Rule Conversation

Today we are going to see how to convert the threat hunting rules from different formats.

Photo by Tamanna Rumee on Unsplash

I am going to use the Sigma Rule is the base rule, because it is open and most of the rule author contributing more in Sigma Rule.

Here is the below link, which has lot of rule in sigma.

sigma/rules at master · SigmaHQ/sigma

these rule we can use in our SIEM if it supports sigma format. orelse we can convert into supportable format which SIEM can easily consume.

Each SIEM product uses different formats for consuming the threat hunting rules.

example, YARA | OpenIOC | ElasticQuery.., etc.,

To convert the rules I use https://uncoder.io/

It supports major formats for conversion.

By utilizing this option, you can import lot of rules in your SIEM quickly.

Hope this helps you lot.

Thanks for Reading.