SigmaHQ
概要
The SigmaHQ connector ingests Sigma detection rules from the SigmaHQ repository (https://sigmahq.io) as indicators in OpenCTI. It imports over 3000 detection rules including generic detection rules, threat hunting rules, emerging threat rules, compli
The SigmaHQ connector enables automated ingestion of Sigma detection rules from the SigmaHQ repository (https://sigmahq.io) into OpenCTI as indicators. Sigma is a generic signature format for SIEM systems that allows detection engineers, threat hunters, and defensive security practitioners to collaborate on detection rules.
This connector imports more than 3000 detection rules.
By importing these rules as indicators in OpenCTI, organizations can enrich their threat intelligence platform with community-maintained detection logic, enhance their detection capabilities, and correlate Sigma rules with other threat intelligence entities such as TTPs, malware, and threat actors.