Adaz icon indicating copy to clipboard operation
Adaz copied to clipboard
verified publisher icon christophetd

Build integration with Sigma rules

Open christophetd opened this issue 5 years ago • 0 comments

Suggestion:

  • Clone Sigma rules repository or allow to specify custom ones
  • Convert them to Elastalert format using sigmac
  • Run Elastalert on the Elasticsearch/Kibana VM
  • Output alerts to Elasticsearch

christophetd avatar May 28 '20 15:05 christophetd