Cross Platform Threat Hunting Rule Conversion
Today we are going to look at how to convert threat hunting rules between the formats used by different platforms.
I am going to use Sigma as the base rule format, because it is open and vendor-neutral and most rule authors publish their detections in Sigma first.
The SigmaHQ repository linked below holds a large collection of community rules:
sigma/rules at master · SigmaHQ/sigma (https://github.com/SigmaHQ/sigma/tree/master/rules)
Generic Signature Format for SIEM Systems.
These rules can be used as they are if your SIEM supports the Sigma format; otherwise they have to be converted into a format the SIEM can consume.
Each SIEM product consumes detection rules in its own query language, so a Sigma rule has to be translated for each target: for example Splunk SPL, the Elasticsearch query syntax (ElasticQuery / KQL) or Microsoft Sentinel KQL, and other tools expect formats such as YARA or OpenIOC.
To convert the rules I use https://uncoder.io/
It supports the major formats as both source and target of a conversion.
By using this option you can import a lot of rules into your SIEM quickly. The converted query is only as good as the field mapping behind it, so check that the log source filter and field names in the output match how your SIEM actually indexes the events, and run the query against an event you know should match before enabling the rule.
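To show what a converter actually does with a Sigma rule, here is a minimal one in Python. It is an added example written for this post, not code from the original page, from SigmaHQ, pySigma or Uncoder. The rule, the Sysmon-to-ECS field table and the per-backend log source filters are all constructed assumptions, and it only covers the subset of Sigma the rule uses (single or list values, the contains / startswith / endswith modifiers, and conditions built from selection names with and / or / not); for real rules use sigma-cli (pySigma) or Uncoder.

```python
"""Minimal Sigma-to-query converter: an added example, not code from the
original post or from SigmaHQ, pySigma or Uncoder.

Supports only the subset of Sigma used by the constructed rule below:
a single value or a list of values per field, the contains / startswith /
endswith modifiers, and a condition made of selection names combined with
and / or / not and parentheses. Use sigma-cli (pySigma) or Uncoder for real rules.
"""
import re

# Constructed example rule, written as a dict so no YAML library is needed.
SAMPLE_RULE = {
    "title": "Recon Tool Execution (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\whoami.exe", "\\hostname.exe"],
            "CommandLine|contains": "/all",
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}

# Assumed mappings: Sysmon field names to ECS names for Elastic, and the
# logsource to a per-backend event filter. A real backend ships these as
# a processing pipeline; these two tables are just enough for the example.
ECS_FIELDS = {
    "Image": "process.executable",
    "CommandLine": "process.command_line",
    "ParentImage": "process.parent.executable",
}
LOGSOURCE_PREFIX = {
    ("lucene", "windows", "process_creation"): "event.category:process AND event.type:start",
    ("splunk", "windows", "process_creation"):
        'source="WinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1',
}

# Characters that must be backslash-escaped in a Lucene query_string term.
LUCENE_SPECIAL = re.compile(r'([+\-=&|><!(){}\[\]^"~*?:\\/ ])')


def render_term(field, value, modifier, backend):
    """Render one field/value pair, applying the Sigma modifier as a wildcard."""
    if backend == "lucene":
        field = ECS_FIELDS.get(field, field)
        escaped = LUCENE_SPECIAL.sub(r"\\\1", value)
    elif backend == "splunk":
        escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    else:
        raise ValueError(f"unknown backend: {backend}")
    if modifier == "contains":
        escaped = f"*{escaped}*"
    elif modifier == "startswith":
        escaped = f"{escaped}*"
    elif modifier == "endswith":
        escaped = f"*{escaped}"
    elif modifier:
        raise ValueError(f"unsupported modifier: {modifier}")
    return f"{field}:{escaped}" if backend == "lucene" else f'{field}="{escaped}"'


def render_selection(selection, backend):
    """Fields inside one selection are ANDed; list values for a field are ORed."""
    clauses = []
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        values = values if isinstance(values, list) else [values]
        terms = [render_term(field, v, modifier, backend) for v in values]
        clauses.append(terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")")
    return " AND ".join(clauses)


def render_condition(detection, backend):
    """Substitute each selection name in the condition with its rendered query."""
    out = []
    for tok in re.findall(r"\(|\)|[^\s()]+", detection["condition"]):
        if tok.lower() in ("and", "or", "not"):
            out.append(tok.upper())
        elif tok in ("(", ")"):
            out.append(tok)
        elif tok in detection and tok != "condition":
            out.append("(" + render_selection(detection[tok], backend) + ")")
        else:
            raise ValueError(f"unsupported condition token: {tok!r}")
    return " ".join(out)


def convert(rule, backend):
    """Convert a Sigma rule dict to a query string for the given backend."""
    src = rule["logsource"]
    prefix = LOGSOURCE_PREFIX.get((backend, src.get("product"), src.get("category")))
    body = render_condition(rule["detection"], backend)
    return f"{prefix} AND {body}" if prefix else body


if __name__ == "__main__":
    for backend in ("lucene", "splunk"):
        print(f"[{backend}] {convert(SAMPLE_RULE, backend)}")
```

The same rule comes out as two different queries, and everything that differs between them (the event filter derived from logsource, the field names, the escaping of backslashes and slashes) comes from the mapping tables rather than from the rule. Those tables are exactly what you need to verify for your own environment after a conversion.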
Hope this helps you a lot.
Thanks for reading.