SIGMA rules and how to use them

Presented by

VLADISLAV BURTSEV, VLADIMIR KUSKOV, NIKITA NAZAROV

About this talk

These days the security industry is crowded with tools and systems for controlling and preventing cyberattacks, making it easy to get lost in an array of choices. That was the case until the arrival of SIGMA, which has turned out to be the universal language for writing hunts. Thanks to its comprehensive syntax and flexibility, the SIGMA language allows for the straightforward description of relevant log events. Once developed, detection methods are shareable with other researchers, and SIGMA can be converted to any other language quickly and simply. SIGMA has gathered a huge community of SOC professionals on GitHub and is becoming increasingly popular. Kaspersky actively uses SIGMA in its practice: the latest report on crimeware, “The common TTPs of modern ransomware groups”, includes over 70 SIGMA rules that simplify the work of security specialists. During this webinar, Kaspersky experts will provide a short overview of SIGMA's history, explain the main technical details and, of course, share their own experiences using SIGMA rules for their current reports.

The webinar will cover:

- The history and evolution of SIGMA
- Detailed analysis of SIGMA technical details
- Overview of SIGMA rules included in “The common TTPs for ransomware groups” report
- Q&A session
AO Kaspersky Lab (APAC)