Cross Platform Threat Hunting Rule Conversion

Sathish Sivaprakash
1 min read · Jun 8, 2022


Today we are going to see how to convert the threat hunting rules from different formats.


I am going to use Sigma as the base rule format, because it is open and most rule authors contribute their detections in Sigma.

The link below points to a repository with a large number of Sigma rules.

These rules can be used directly in our SIEM if it supports the Sigma format; otherwise we can convert them into a format that the SIEM can consume.

Each SIEM product consumes threat hunting rules in its own format, for example YARA, OpenIOC, or Elasticsearch queries.

To convert the rules I use https://uncoder.io/

It supports conversion into the major formats.

By using this option, you can import a lot of rules into your SIEM quickly. Before enabling a converted rule as an alert, check that the field names in the generated query (Sigma names such as Image or CommandLine) match the field names your log source actually produces, and run the query against existing data to confirm it returns what you expect.
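To make the conversion step concrete, here is a minimal converter added as an illustration; it is not code from this post, and it is neither uncoder.io nor pySigma. It takes the detection block of a Sigma rule (a constructed example, shown already parsed from YAML into Python structures) and renders the same logic once as an Elasticsearch query_string (Lucene) query and once as a Splunk search, which is the job a converter like uncoder.io does for you across many more backends and for the full Sigma language.

```python
"""Minimal Sigma detection -> query converter, standard library only.

Added teaching code, not pySigma, sigma-cli or uncoder.io. It covers a
small subset of Sigma: field/value selections, the |contains, |startswith
and |endswith modifiers, list values (OR), several fields in one selection
(AND), and conditions built from selection names with 'and', 'or', 'not'
and parentheses.
"""
import re

# Constructed example: the 'detection' block of a Sigma rule, in the
# structure PyYAML would produce after loading the YAML. Not a real rule.
SAMPLE_DETECTION = {
    "selection": {
        "Image|endswith": "\\certutil.exe",
        "CommandLine|contains": ["-urlcache", "-decode"],
    },
    "filter": {
        "User|startswith": "NT AUTHORITY\\",
    },
    "condition": "selection and not filter",
}

# Characters the Elasticsearch query_string syntax treats as operators.
LUCENE_RESERVED = set('+-=&|><!(){}[]^"~*?:\\/ ')


def _wildcard(value, modifier):
    """Wrap an already-escaped value in the wildcards a modifier implies."""
    if modifier == "contains":
        return f"*{value}*"
    if modifier == "startswith":
        return f"{value}*"
    if modifier == "endswith":
        return f"*{value}"
    if modifier == "":
        return value
    raise ValueError(f"unsupported Sigma modifier: {modifier!r}")


def lucene_term(field, modifier, value):
    """field:value for Elasticsearch query_string (Lucene) syntax."""
    escaped = "".join("\\" + c if c in LUCENE_RESERVED else c for c in str(value))
    return f"{field}:{_wildcard(escaped, modifier)}"


def splunk_term(field, modifier, value):
    """field="value" for Splunk SPL; backslash and double quote are escaped."""
    escaped = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'{field}="{_wildcard(escaped, modifier)}"'


BACKENDS = {"lucene": lucene_term, "splunk": splunk_term}


def render_selection(selection, term):
    """One Sigma selection map: list values are OR-ed, fields are AND-ed."""
    clauses = []
    for key, value in selection.items():
        field, _, modifier = key.partition("|")
        values = value if isinstance(value, list) else [value]
        terms = [term(field, modifier, v) for v in values]
        clauses.append(terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")")
    return clauses[0] if len(clauses) == 1 else "(" + " AND ".join(clauses) + ")"


def convert_sigma(detection, backend):
    """Translate a Sigma 'detection' block into a query for the given backend."""
    term = BACKENDS[backend]
    selections = {k: v for k, v in detection.items() if k != "condition"}
    pieces = []
    for token in re.findall(r"\(|\)|[^\s()]+", detection["condition"]):
        if token.lower() in ("and", "or", "not"):
            pieces.append(token.upper())
        elif token in ("(", ")"):
            pieces.append(token)
        elif token in selections:
            pieces.append(render_selection(selections[token], term))
        else:
            # '1 of selection*', 'all of them', aggregations etc. are not handled.
            raise ValueError(f"unsupported condition token: {token!r}")
    query = ""
    for piece in pieces:
        if not query or piece == ")" or query.endswith("("):
            query += piece
        else:
            query += " " + piece
    return query


if __name__ == "__main__":
    for name in BACKENDS:
        print(f"{name}: {convert_sigma(SAMPLE_DETECTION, name)}")
```

Run it and compare the two outputs: the logic is identical, but the quoting, wildcard and escaping rules differ per backend, which is exactly why converting rules by hand is error-prone. Real converters also apply a log-source pipeline that maps Sigma field names (Image, CommandLine, User) to the names your index actually uses; this toy keeps the Sigma names unchanged.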

Hope this helps you a lot.

Thanks for Reading.



Written by Sathish Sivaprakash

Threat Intelligence Analyst and Security Automation | Located in Abu Dhabi, UAE.
