
Sigma rules on sentinel

sreeman
New Contributor

Was just wondering if it's worth importing converted Sigma rules into Sentinel to use for detection. Does Sentinel already have these rules by default in its intelligence?

2 Replies
There is a blog posting here in regards to importing Sigma rules that may help you decide: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Importing-Sigma-Rules-to-Azure-Sentinel/ba-p/657097

Hi Gary,

I am aware of it. The reason I asked is because ianhelle of MSFT did create that notebook conversion. So I was wondering if it would have been included in Sentinel's intelligence, and by me importing converted Sigma rules this would be a duplication.
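As an added illustration (not code from this thread, from the linked blog post, or from ianhelle's notebook): a minimal Sigma-to-KQL conversion for one constructed process_creation rule, followed by a crude overlap check against a constructed inventory of analytic rules already in a workspace, which is the duplication question raised above. The mapping of the Sigma process_creation log source onto the SecurityEvent table (event 4688), the operator table, the sample rule and the inventory are all assumptions made here; a real converter (sigmac or pySigma's Azure backend) handles far more modifiers and log sources.

```python
"""Added example, not from the thread or from Microsoft: convert a Sigma rule
(already parsed into a dict, as PyYAML would produce) to a Sentinel KQL query,
then check whether an existing analytic rule already looks for the same things.
Rule, field map and inventory below are constructed for illustration."""
from __future__ import annotations

import re
from typing import Any

# Constructed Sigma rule: a typical process_creation detection.
SIGMA_RULE: dict[str, Any] = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}

# Assumed mapping: Sigma log source -> (Sentinel table, base filter, Sigma field -> column).
LOGSOURCE_MAP = {
    ("windows", "process_creation"): (
        "SecurityEvent",
        "EventID == 4688",
        {"Image": "NewProcessName", "CommandLine": "CommandLine",
         "ParentImage": "ParentProcessName"},
    ),
}

# Sigma value modifier -> KQL string operator. These KQL operators are
# case-insensitive, which matches Sigma's default matching semantics.
OPERATORS = {None: "=~", "contains": "contains",
             "startswith": "startswith", "endswith": "endswith"}


def kql_string(value: str) -> str:
    """Quote a value as a KQL string literal, escaping backslash and quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def convert_selection(sel: dict[str, Any], fields: dict[str, str]) -> str:
    """Translate one Sigma selection map (an AND of field tests) into KQL."""
    clauses = []
    for key, values in sel.items():
        name, _, modifier = key.partition("|")
        modifier = modifier or None
        if modifier not in OPERATORS:
            raise ValueError(f"unsupported Sigma modifier: {modifier}")
        column = fields[name]  # KeyError here means the field map is incomplete
        vals = values if isinstance(values, list) else [values]
        tests = [f"{column} {OPERATORS[modifier]} {kql_string(str(v))}" for v in vals]
        clauses.append("(" + " or ".join(tests) + ")")  # a list value means any-of
    return " and ".join(clauses)


def sigma_to_kql(rule: dict[str, Any]) -> str:
    """Build the full KQL query: table, log-source filter, expanded condition."""
    ls = rule["logsource"]
    table, base_filter, fields = LOGSOURCE_MAP[(ls["product"], ls["category"])]
    detection = rule["detection"]

    def expand(match):  # replace each selection name in the condition by its KQL
        word = match.group(0)
        if word in ("and", "or", "not"):
            return word
        return "(" + convert_selection(detection[word], fields) + ")"

    where = re.sub(r"\b\w+\b", expand, detection["condition"])
    return f"{table}\n| where {base_filter}\n| where {where}"


def fingerprint(query: str) -> tuple[str, frozenset[str]]:
    """Crude 'what does this rule look for': (table, set of string literals)."""
    table = query.strip().split("\n", 1)[0].split("|", 1)[0].strip()
    literals = frozenset(s.lower() for s in re.findall(r'"((?:[^"\\]|\\.)*)"', query))
    return table, literals


# Constructed inventory standing in for rules already enabled in the workspace.
EXISTING_RULES = [
    {"displayName": "Encoded PowerShell command line",
     "query": r'SecurityEvent | where EventID == 4688 | where NewProcessName endswith "\\powershell.exe" and CommandLine contains "-EncodedCommand"'},
    {"displayName": "Sign-in with bad password",
     "query": 'SigninLogs | where ResultType == "50126"'},
    {"displayName": "cmd.exe spawned",
     "query": r'SecurityEvent | where EventID == 4688 | where NewProcessName endswith "\\cmd.exe"'},
]


def find_overlaps(candidate: str, existing: list[dict[str, str]],
                  threshold: float = 0.5) -> list[str]:
    """Names of existing rules on the same table that share at least
    `threshold` of the candidate's string literals (a heuristic, not proof)."""
    table, lits = fingerprint(candidate)
    hits = []
    for rule in existing:
        etable, elits = fingerprint(rule["query"])
        if etable == table and lits and len(lits & elits) / len(lits) >= threshold:
            hits.append(rule["displayName"])
    return hits


if __name__ == "__main__":
    query = sigma_to_kql(SIGMA_RULE)
    print(query)
    print("possible duplicates:", find_overlaps(query, EXISTING_RULES))
```

The overlap heuristic only catches rules that test for the same literal strings on the same table; it says nothing about rules expressed through different columns or tables (for example the same detection written against DeviceProcessEvents), so treat a hit as a prompt to compare the two queries by hand, not as a verdict.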
