Tag: Sigma

Interview with Developer: Nate Guagenti

Meet Nate Guagenti Over a decade, Nate has both deployed and engineered network and endpoint SIEMs that have scaled to multiple-TB/day of ingest, while simultaneously using and training others on the deployed solution. As Nate has worked in all facets of IT, he adds the unique experience of someone who has performed both endpoint and network […]

Read More
Interview with Developer: Thomas Patzke

We keep interviewing the developers of our Threat Bounty Program  (https://my.socprime.com/en/tdm-developers) to encourage cybersecurity professionals to develop more Sigma rules, share their threat-detection content and build a stronger community. The previous interview is here https://socprime.com/blog/interview-with-developer-florian-roth/ Meet Thomas Patzke Thomas is one of the most inspiring experts in the cybersecurity community who has 13+ years of […]

Read More
Interview with Developer: Florian Roth

We keep writing a series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers). The previous interview is here: https://socprime.com/blog/interview-with-developer-lee-archinal/ Meet Florian Roth.  Florian Roth is CTO of Nextron Systems GmbH. He is the creator of APT Scanner THOR – Scanner for Attacker Activity and Hack Tools and the developer of the Nextron’s most comprehensive handcrafted […]

Read More
Continuous Compliance as a Code P1: Sigma

Compliance has always been a sort of Reactive process since standards are long, take tons of effort and a while to update, even more time to implement and the audit process happens once a year. Coming from the SIEM world I was dealing with Compliance through a prism of canned reports which usually return empty […]

Read More
Interview with Developer: Lee Archinal

We are starting a series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers) to introduce you to these wonderful people who are searching the web for relevant threats and create unique content for their detection. Meet Lee Archinal! Hello Lee, hope you are inspired enough today to write a bit about yourself and your […]

Read More
Sigma Rules Guide for ArcSight

Introduction to Sigma Sigma, created by Florian Roth and Thomas Patzke, is an open source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is the log file equivalent of what Snort is to IDS and what YARA is for file based malware detection. However, unlike Snort and […]

Read More