
Detection Engineering with Sigma will teach you how to write and tune Sigma rules to find evil in logs, using real-world examples that take you through the detection engineering process. We'll dissect real Sigma detection rules aimed at a variety of malicious activity across diverse log sources. Once you have a good handle on the components of a rule, you'll start writing and tuning your own rules in a series of case studies. In some case studies, I'll describe a detection gap and you'll write a rule on your own before I show you how I tackled the problem myself. In others, you'll write or modify a rule on your own and submit it to me for feedback. In this course, you are never alone! I will be with you 100% of the way to help you understand the structure of Sigma rules, how to get from idea to finished rule, and best practices for writing resilient rules.
Syllabus
- The detection engineering process from initial detection gap identification to deploying your rule.
- The structure of Sigma rules, including the difference between lists and maps, how condition expressions work, and the essential metadata that will be useful when investigating the alerts a rule generates.
- How to use the SOC Prime Sigma UI plugin for Kibana to develop rules with a graphical editor.
- How to use sigmac to convert rules into the query formats of popular investigation and detection tools such as Splunk, ELK, and others.
- How to write resilient rules that find more evil, stand the test of time, and cause headaches for adversaries.
- How to write your own detection rules using familiar log sources like Windows event logs, Zeek logs, Sysmon logs, AWS CloudTrail logs, and more.
- Guidelines and best practices for developing Sigma rules you can share with third parties, including the public Sigma rule repository.
- The principles of detection as code with a tutorial on managing your custom ruleset with Git.
- Tips and tricks for using Sigma and its tools on the command line.
- How to leverage popular Sigma integrations like Security Onion Playbook.
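As an added illustration of the rule structure the syllabus lists (maps versus lists, value modifiers, condition expressions, and the metadata fields around them), here is a small Python evaluator that applies a Sigma-style rule to process-creation events. This is not course material and not code from the Sigma or pySigma projects; the rule, the paths, the user names and the events are all constructed for the example, and the evaluator implements only a subset of the Sigma specification.

```python
"""Tiny Sigma-style evaluator: applies a rule's detection section to process-creation events.

Added illustration; not the course's material and not the sigma/pySigma project code.
Supported subset: map selections (AND), list-of-map selections (OR), value lists (OR),
the contains/startswith/endswith/all modifiers, and conditions built from and/or/not,
parentheses and `1 of`/`all of` wildcards. Requires Python 3.9+.
"""
import re
from fnmatch import fnmatch
from typing import Any

# Python form of a Sigma rule (constructed for this example; in the YAML file the same
# nesting appears as maps and lists). `id` is omitted: a real rule carries a UUID there.
RULE = {
    "title": "Encoded PowerShell Command Line (example rule)",
    "status": "experimental",
    "description": "PowerShell launched with an encoded command, excluding known admin tooling.",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {                                   # map: every key must match (AND)
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],  # value list: any value (OR)
            "CommandLine|contains": "-enc",              # also covers -EncodedCommand
        },
        "filter_admin_tooling": [                        # list of maps: any map matches (OR)
            {"ParentImage|endswith": "\\ConfigurationManager.exe"},
            {"User|contains": "SYSTEM",                  # both keys must match within one map
             "CommandLine|contains|all": ["-enc", "MonitoringHost"]},  # |all: every value
        ],
        "condition": "selection and not filter_admin_tooling",
    },
    "falsepositives": ["Management agents that legitimately pass -enc"],
    "level": "high",
}

def _match_value(actual: Any, modifiers: list[str], expected: Any) -> bool:
    """Compare one event field against the rule value(s), case-insensitively like Sigma."""
    if actual is None:
        return False
    hay = str(actual).lower()
    needles = [str(v).lower() for v in (expected if isinstance(expected, list) else [expected])]
    def one(n: str) -> bool:
        if "contains" in modifiers: return n in hay
        if "startswith" in modifiers: return hay.startswith(n)
        if "endswith" in modifiers: return hay.endswith(n)
        return hay == n
    return all(map(one, needles)) if "all" in modifiers else any(map(one, needles))

def _match_item(item: Any, event: dict) -> bool:
    """A map is an AND over its keys; a list is an OR over its items."""
    if isinstance(item, dict):
        return all(_match_value(event.get(k.split("|")[0]), k.split("|")[1:], v)
                   for k, v in item.items())
    return any(_match_item(i, event) for i in item)

class _Condition:
    """Recursive-descent evaluator for the condition string (evaluates while parsing)."""
    def __init__(self, detection: dict):
        self.det = detection
        self.toks = re.findall(r"\(|\)|[\w*]+", detection["condition"])
        self.pos = 0
    def _peek(self): return self.toks[self.pos] if self.pos < len(self.toks) else None
    def _next(self): self.pos += 1; return self.toks[self.pos - 1]
    def expr(self, ev: dict) -> bool:                    # expr := term ('or' term)*
        v = self.term(ev)
        while self._peek() == "or":
            self._next(); v = self.term(ev) or v          # evaluate the term before combining
        return v
    def term(self, ev: dict) -> bool:                    # term := factor ('and' factor)*
        v = self.factor(ev)
        while self._peek() == "and":
            self._next(); v = self.factor(ev) and v
        return v
    def factor(self, ev: dict) -> bool:
        t = self._next()
        if t == "not": return not self.factor(ev)
        if t == "(":
            v = self.expr(ev); assert self._next() == ")"; return v
        if t in ("1", "all") and self._peek() == "of":   # `1 of sel*` / `all of sel*`
            self._next(); pattern = self._next()
            hits = [_match_item(self.det[n], ev) for n in self.det
                    if n != "condition" and fnmatch(n, pattern)]
            return all(hits) if t == "all" else any(hits)
        return _match_item(self.det[t], ev)               # a named selection

def matches(rule: dict, event: dict) -> bool:
    return _Condition(rule["detection"]).expr(event)

def run(rule: dict, events: list[dict]) -> list[int]:
    """Return the indices of the events the rule alerts on."""
    return [i for i, e in enumerate(events) if matches(rule, e)]

# Constructed process-creation events (field names follow Sigma's process_creation taxonomy).
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
ENC = "ZQBjAGgAbwAgAGgAaQA="    # UTF-16LE base64 of `echo hi`, a harmless stand-in payload
EVENTS = [
    {"Image": PS, "CommandLine": f"powershell.exe -nop -w hidden -enc {ENC}",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\jdoe"},                   # alert
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "CommandLine": f"pwsh.exe -EncodedCommand {ENC}",
     "ParentImage": "C:\\Windows\\CCM\\ConfigurationManager.exe", "User": "NT AUTHORITY\\SYSTEM"},  # filtered
    {"Image": PS, "CommandLine": f"powershell.exe -enc {ENC} MonitoringHost",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe", "User": "NT AUTHORITY\\SYSTEM"},      # filtered
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\jdoe"},                        # no selection hit
]

if __name__ == "__main__":
    for i in run(RULE, EVENTS):
        print(f"[{RULE['level']}] {RULE['title']}: event {i}: {EVENTS[i]['CommandLine']}")
```

Only the first event alerts: the second and third satisfy `selection` but are excluded by one of the two filter maps, which shows why a list of maps is an OR (either exclusion suffices) while the keys inside a map are an AND (the SYSTEM exclusion only applies when both the user and the `|all` command-line values match). Changing the condition string to something like `selection and 1 of filter*` flips the result, which is the kind of tuning the case studies practise; a real rule would also need the `id`, `author`, `date`, `references` and `tags` metadata that sigmac and the public repository expect.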