Course: Applied Network Defense | Detection Engineering with Sigma

Detection Engineering with Sigma will teach you how to write and tune Sigma rules to find evil in logs, using real-world examples that take you through the detection engineering process. We’ll dissect real Sigma detection rules focused on finding a variety of malicious activity in diverse log sources. Once you have a good handle on how those rules are built, you’ll start writing and tuning your own rules in a series of case studies. In some case studies, I’ll describe a detection gap and you’ll write a rule on your own before I show you how I tackled the problem myself. In other scenarios, you’ll write or modify a rule on your own and submit it to me for feedback. In this course, you are never alone! I will be with you 100% of the way to help you understand the structure of Sigma rules, how to get from idea to finished rule, and best practices for writing resilient rules.

Syllabus

  • The detection engineering process from initial detection gap identification to deploying your rule.
  • The structure of Sigma rules, including the difference between lists and maps, how condition expressions work, and all the essential metadata that will be useful when investigating the alerts a rule generates.
  • How to use the SOC Prime Sigma UI plugin for Kibana to develop rules with a graphical editor.
  • How to use sigmac to convert rules to popular investigation and detection tool formats such as Splunk, ELK, and others.
  • How to write resilient rules that find more evil, stand the test of time, and cause headaches for adversaries.
  • How to write your own detection rules using familiar log sources like Windows event logs, Zeek logs, Sysmon logs, AWS CloudTrail logs, and more.
  • Guidelines and best practices for developing Sigma rules you can share with third parties, including the public Sigma rule repository.
  • The principles of detection as code with a tutorial on managing your custom ruleset with Git.
  • Tips and tricks for using Sigma and its tools on the command line.
  • How to leverage popular Sigma integrations like Security Onion Playbook.