sigma-specification

Changes and Feature Introduced in V2.1.0

The following is a non-exhaustive list of changes between the v2.0.0 and v2.1.0 specification.

• Generality
• Modifiers
• Tags
• Taxonomy
• Correlation
• Filter
• Rules

Generality

A lot of work has been done on the wording to make it easier to understand.

Some files have been renamed or moved for convenience.

There is now a workflow to check new input:

• Markdown Linter with mdformat
• Markdown invalid link
• json schema formatting with biome
• Json Schema against generic rules

Modifiers

We introduced a new set of modifiers. You can check the full list of all currently supported modifiers in the Sigma Modifiers Appendix.

Tags

We introduced a new set of tags. You can check the full list of all currently supported tags in the Sigma tags Appendix.

Taxonomy

We introduced a new generic network category. You can check the full list of sigma taxonomies in the Sigma taxonomies Appendix.

Correlation

We introduced a new Metric operator in correlation

Filter

No breaking change

Rules

No breaking change

This site is open source. Improve this page.