Microsoft Tech Community

Sigma rules on Sentinel


Was just wondering if it's worth importing converted Sigma rules into Sentinel to use for detection. Does Sentinel already have these rules by default in its intelligence?

2 Replies
There is a blog posting here in regard to importing Sigma rules that may help you decide: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Importing-Sigma-Rules-to-Azure-Sentinel/ba-p/6...

Hi gary,

I am aware of it. The reason I asked is because ianhelle of MSFT did create that notebook conversion. So I was wondering if it would have been included in Sentinel's intelligence, and by me importing converted Sigma rules this would be a duplication.