Skip to content
Akshay ChaturvediSep 12, 2022 10:51:52 PM1 min read

Announcement: DNIF Query Language Support Added to Sigma Rules

We are happy to share that our engineering team has contributed a translation backend for DNIF HYPERCLOUD to the popular open-source Sigma rules project. The pull request was merged by Thomas Patzke, who along with Florian Roth, tirelessly maintains this project that provides an open signature format and supporting tools that enable the security community to describe, share and operationalize threat detection methods.

What does it enable?

You can use the sigma converter utility “sigmac” to translate sigma rules for indicators of attack and compromise provided by the sigma project as well as community researchers, third-party consultants, and services such as SOCPrime into DNIF native query language(DQL). 

How do you use it?

The DNIF backend converts Sigma rules to the DNIF queries, with the identifier as dnif

The configuration will define the field mappings, value mappings and source mappings. see tools/config/dnif.yml

You can check out how to use Sigma rules with DNIF HYPERCLOUD here:

tools/sigmac -t dnif -c tools/config/dnif.yml rules/network/firewall/net_firewall_high_dns_requests_rate.yml 

image1

What does this mean for our customers?

Security Engineering talent is hard to come across — and it’s even harder to keep track of the latest threats, understand how they work and be able to devise, test, and maintain effective detection. Projects such as sigma help the industry at large overcome the skill shortage and maintain an edge against increasingly commercialized adversarial operations.

About DNIF HYPERCLOUD

We are inspired by how the Sigma project enables the security community and industry to improve cyber defense capabilities by providing open access to threat detection methods. DNIF HYPERCLOUD aims to take that a step further by making security analytics more accessible, practical and economical to everyone by providing the most affordable and the most scalable security analytics and automation platform. 

While most SIEM solutions claim to be able to scale hardware, operations and licenses to support ever-increasing log volumes, DNIF HYPERCLOUD turns terabyte-scale daily log ingestion into the starting line allowing customers to eliminate log collection blindspots. 

avatar

Akshay Chaturvedi

Software Engineer @ DNIF, works closely on developing integrations and connectors for DNIF HYPERCLOUD.

RELATED ARTICLES