Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

sigma rules

splunk_u1
Engager
‎09-14-2021 07:34 AM

Hi there!

Please allow me to admit, I'm newbie to splunk + sigma  rules for detection.

In my test environment, I have imported windows sysmon event logs. I understand that using sigmac, I can create rules for splunk. My Q is how would I use those sigma rules for use with splunk for detection ? 

My understanding is that when I ingest new logs, splunk would auto run those rules against newly ingested logs ? Thank you

Tags (2)
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top