Sigma rules which everyone should know.

Sigma rules are a way to write and share detection methods for different types of log events that can indicate suspicious or malicious activity in your network. They are written in YAML, a human-readable format, and can be converted to the specific query language of your SIEM system. Here are some prompts about sigma rules:

- Write a sigma rule that detects when a user logs in from an unusual country based on their previous login history.
- Explain the difference between the fields title, id, and status in a sigma rule.
- Find an example of a sigma rule that detects ransomware activity and explain how it works.
- Compare and contrast sigma rules with YARA rules. What are the advantages and disadvantages of each?
- Write a poem or a song about sigma rules and how they help you defend your network.

Source: Conversation with Bing, 11/11/2023
(1) GitHub - SigmaHQ/sigma: Main Sigma Rule Repository. https://github.com/SigmaHQ/sigma.
(2) Sigma rules explained: When and how to use them to log events. https://www.csoonline.com/article/572973/sigma-rules-explained-when-and-how-to-use-them-to-log-events.html.
(3) What Are Sigma Rules? - picussecurity.com. https://www.picussecurity.com/resource/glossary/what-is-sigma-rule.
(4) SIGMA Rules: how to standardize detections for any SIEM - Yogosha. https://yogosha.com/blog/sigma-rules/.