sigma-specification

Sigma Specification - Generic Signature Format for SIEM Systems


Sigma Logo

</a>

Sigma Official Badge GitHub Repo stars
Open Source Security Index - Fastest Growing Open Source Security Projects

Welcome to the official Sigma Specification repository.

A Quick Rundown

Here’s what you can expect from each of the main subfolders within this repo. Please take a minute to educate yourself!

Specification

Specification will contain markdown files describing the Sigma specification format in details.

JSON Schema

Json-Schema will contain a list of JSON schemas for the following.

Appendix

Appendix will contain additional files providing additional details to certain fields of a Sigma rule

SigmaHQ

SigmaHQ will contain markdown files that describe rules and recommendations that are applied to the rules hosted in SigmaHQ main rule repository.

Note

The SigmaHQ folder and the files contains within are not part of the sigma specification. They are there to ensure and easier management of the rules hosted in the main rule repository

Version 2 Changes

You can read more on the potential breaking changes and additional features introduced in version 2.0.0 of the specification here