Join us at hack.lu 2025 – Info & Registration
Duration: 120 min
Type: Training
Speakers: Thomas Patzke
Abstract
Sigma is an open and generic format for sharing log detection signatures. In this hands-on workshop we learn how to write good Sigma rules by developing rules for existing threats. It covers simple rules that detect single events as well as correlation rules that detect relationships between events.
Description
This workshop will cover the following topics:
- Introduction to the Sigma detection format.
- Don't reinvent the wheel: searching existing Sigma rules.
- Developing simple Sigma rules for single events.
- Developing Sigma correlation rules to detect event relationships.
- Validation of Sigma rules.
- Using LLMs to support Sigma rule development.