Sigma Unleashed: A Realistic Implementation
Mathieu Le Cleach (CERT-EU, BE)

Mathieu is a member of CERT-EU's Digital Forensics and Incident Response team. He wears two hats: responding to security incidents, including significant ones, and engineering CERT-EU's detection strategy. Before joining CERT-EU, Mathieu worked as a CSIRT analyst for a French financial institution.

---

Sigma is a well-known generic detection rule format in the cybersecurity landscape. While this free, open-source project is very active and offers a wide range of features, implementing it is challenging, especially for MSSPs.

At CERT-EU, we serve the 90 European Union institutions, bodies, offices and agencies (Union entities) and we strive to deliver the best possible services to them. This is why we relentlessly try to enhance the detection capabilities of our Security Log Monitoring Service. To this end, we created droid, a tool that we built specifically to introduce Detection-as-Code in our environment.

In the spirit of fostering a culture of collective progress, we are very excited to share droid as our take on facilitating the ingestion of Sigma rules for any organisation. The tool unlocks the following use cases: detection content versioning; a vendor-agnostic approach; cross-tool detection content; testing and validating detection rules by taking advantage of Atomic Red Team; and automated export of the rules to multiple SIEMs and EDRs.