[syslog-ng] working with Sigma rules?
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Wed Aug 9 06:55:49 UTC 2023
Hi,
Recently I was asked if Sigma rules (https://github.com/SigmaHQ/sigma) are supported by syslog-ng. Syslog-ng has message parsing and filtering, and can be used for alerting. But I'm not aware of any tools that could turn Sigma rules into PatternDB and syslog-ng.conf.
Syslog-ng can send logs to Splunk, Elasticsearch / OpenSearch or Graylog, all of which already have Sigma rule integrations. Of course, many users use/abuse syslog-ng as a kind of SIEM-lite, as it is very good at real-time alerting. However, as far as I can see, Sigma rules are better suited for threat hunting on the SIEM side.
If you already use Sigma rules with syslog-ng or in any other way: please share your experiences!
Thanks,
Peter
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
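To illustrate the gap the post points at (no tool to turn Sigma rules into syslog-ng.conf), here is an added example that is not part of the post, of syslog-ng, or of SigmaHQ: a small Python translator that takes the detection section of a simplified Sigma rule and emits a syslog-ng filter block. It assumes the rule is already parsed from YAML into a Python dict (PyYAML would do that; the SAMPLE_RULE dict below is a constructed stand-in), that each Sigma field name maps to a syslog-ng name-value pair of the same name (which requires a parser, e.g. json-parser(), to have populated those fields), and that match() accepts value() and flags(ignore-case) as in syslog-ng 3.x. The function names are the example's own.

```python
"""Translate the detection section of a simplified Sigma rule into a
syslog-ng filter expression. Added example, not project code.

Supported subset: dict selections (fields ANDed, value lists ORed), keyword
list selections (matched against MESSAGE), and conditions built from
selection names with 'and', 'or', 'not' and parentheses. Sigma values are
case-insensitive literals where '*' and '?' are wildcards.
"""
import re

# Constructed Sigma rule, as it would look after YAML parsing (hypothetical).
SAMPLE_RULE = {
    "title": "Execution of whoami by a non-root, non-default user",
    "logsource": {"product": "linux", "service": "auditd"},
    "detection": {
        "selection": {"comm": "whoami", "type": "EXECVE"},
        "filter": {"uid": ["0", "1000"]},
        "condition": "selection and not filter",
    },
}


def sigma_value_to_regex(value):
    """Turn a Sigma literal into an anchored regex; '*' -> '.*', '?' -> '.'."""
    out = []
    for ch in str(value):
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return "^" + "".join(out) + "$"


def field_match(field, value):
    """One syslog-ng match() on a single name-value pair (assumed syntax)."""
    regex = sigma_value_to_regex(value)
    # Escape for a syslog-ng double-quoted string: backslashes first, then quotes.
    regex = regex.replace("\\", "\\\\").replace('"', '\\"')
    return f'match("{regex}" value("{field}") flags(ignore-case))'


def selection_to_filter(selection):
    """Dict selection: all fields must match; a list of values for a field
    means any may match. List selection: keywords searched in MESSAGE."""
    if isinstance(selection, list):
        parts = [field_match("MESSAGE", f"*{kw}*") for kw in selection]
        return "(" + " or ".join(parts) + ")"
    terms = []
    for field, value in selection.items():
        if isinstance(value, list):
            alts = " or ".join(field_match(field, v) for v in value)
            terms.append("(" + alts + ")")
        else:
            terms.append(field_match(field, value))
    return "(" + " and ".join(terms) + ")"


def condition_to_filter(condition, detection):
    """Rewrite a Sigma condition by substituting each selection name with its
    syslog-ng expression; boolean operators and parentheses pass through."""
    out = []
    for tok in re.findall(r"\(|\)|\w+", condition):
        if tok in ("and", "or", "not", "(", ")"):
            out.append(tok)
        elif tok in detection and tok != "condition":
            out.append(selection_to_filter(detection[tok]))
        else:
            raise ValueError(f"unsupported condition token: {tok}")
    return " ".join(out)


def sigma_to_syslog_ng(rule, name):
    """Return a complete 'filter <name> { ... };' block for syslog-ng.conf."""
    detection = rule["detection"]
    expr = condition_to_filter(detection["condition"], detection)
    return f"filter {name} {{ {expr} }};"


if __name__ == "__main__":
    print(sigma_to_syslog_ng(SAMPLE_RULE, "f_sigma_whoami"))
```

The emitted filter can be wired into a log path that feeds an alerting destination; Sigma features outside this subset (value modifiers such as `|contains`, aggregation conditions, timeframes) are exactly the parts that are hard to express as a stateless syslog-ng filter, which matches the post's observation that Sigma fits threat hunting on the SIEM side better than real-time filtering.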