Recently I was asked if Sigma rules (https://github.com/SigmaHQ/sigma) are supported by syslog-ng. Syslog-ng has message parsing, filtering, and can be used for alerting. But I'm not aware of any tools that could turn Sigma rules into PatternDB and syslog-ng.conf.
Syslog-ng can send logs to Splunk, ElasticSearch / OpenSearch or Graylog, all of which already have Sigma rule integrations. Of course, many users use/abuse syslog-ng as a kind of SIEM-lite as it is very good at real-time alerting.
However, as far as I can see, Sigma rules are better suited for threat hunting on the SIEM side.
If you already use Sigma rules with syslog-ng or any other way: please share your experiences!
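To make the gap the post describes concrete, here is an added example (not from the post, the SigmaHQ project or the syslog-ng project) that translates one Sigma detection block into a syslog-ng filter statement. The rule content, the mapping of Sigma field names onto the syslog-ng PROGRAM and MESSAGE macros, and the filter name are constructed assumptions, and only the simple "selection" and "selection and not filter" condition shapes are handled.

```python
import re

# Constructed Sigma-style rule as a Python dict (PyYAML's safe_load of a .yml gives the same shape).
EXAMPLE_RULE = {
    "detection": {
        "selection": {
            "PROGRAM": "sshd",                                    # syslog-ng macro names are assumed
            "MESSAGE|contains": ["Failed password", "Invalid user"],
        },
        "filter": {"MESSAGE|contains": "127.0.0.1"},
        "condition": "selection and not filter",
    },
}

_META = set(r"\.^$|?*+()[]{}")
def _regex_escape(text):
    # Escape PCRE metacharacters only; single-quoted syslog-ng strings pass backslashes through.
    return "".join("\\" + c if c in _META else c for c in text)

def _term(field, modifier, value):
    # One Sigma field/modifier/value pair becomes one syslog-ng match() filter.
    # Sigma string matching is case-insensitive, hence flags(ignore-case).
    if "'" in value:
        raise ValueError("single quote not representable in a single-quoted syslog-ng string")
    esc = _regex_escape(value)
    pattern = {None: f"^{esc}$", "contains": esc, "startswith": f"^{esc}",
               "endswith": f"{esc}$", "re": value}[modifier]
    return f"match('{pattern}' value('{field}') type(pcre) flags(ignore-case))"

def _selection(sel):
    # Keys of a Sigma selection map are AND-ed; a list of values under one key is OR-ed.
    clauses = []
    for key, values in sel.items():
        field, _, modifier = key.partition("|")
        values = values if isinstance(values, list) else [values]
        terms = [_term(field, modifier or None, v) for v in values]
        clauses.append("(" + " or ".join(terms) + ")" if len(terms) > 1 else terms[0])
    return " and ".join(clauses)

def sigma_to_syslogng_filter(rule, name):
    # Handles the condition shapes "X" and "X and not Y"; anything else is rejected.
    det = rule["detection"]
    m = re.fullmatch(r"(\w+)(?: and not (\w+))?", det["condition"].strip())
    if not m:
        raise ValueError("unsupported condition: " + det["condition"])
    expr = _selection(det[m.group(1)])
    if m.group(2):
        expr += f" and not ({_selection(det[m.group(2)])})"
    return f"filter {name} {{ {expr} }};"
```

The returned string can be pasted into syslog-ng.conf and referenced from a log path; richer Sigma conditions (aggregations, "1 of them") are outside what this sketch covers.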