Delaware, USA – October 2, 2018 — Sigma UI plugin for Kibana is available in Threat Detection Marketplace. This is a free open-source application based on the Elastic stack and Sigma Converter (sigmac). It simplifies development, use and sharing of Sigma, a generic rule format for SIEM systems. It is now possible to write, update and export Sigma rules straight from Kibana web UI for all supported Sigma backends including: Elastic stack, ArcSight, QRadar, Splunk, Qualys, Logpoint, Graylog and Windows Defender ATP. If you’re using the Elastic stack for threat hunting purposes or as a primary SIEM, SIGMA UI has capabilities to drill-down directly from a rule to a search in Discover section of Kibana. Community Sigma rules are included with the application. Integration with Sigma official Github and SOC Prime Threat Detection Marketplace repositories is on the short-term roadmap.
Sigma allows threat hunters to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is a private project mainly developed by Florian Roth and Thomas Patzke with feedback from many fellow analysts and friends.
You can download Sigma UI plugin for Kibana free of charge after registration in Threat Detection Marketplace: https://tdm.socprime.com/tdm/info/1331/