We are happy to share that our engineering team has contributed a translation backend for DNIF HYPERCLOUD to the popular open-source Sigma rules project. The pull request was merged by Thomas Patzke, who, along with Florian Roth, tirelessly maintains this project. Sigma provides an open signature format and supporting tools that enable the security community to describe, share and operationalize threat detection methods.
You can use the Sigma converter utility 'sigmac' to translate Sigma rules for indicators of attack and compromise, whether provided by the Sigma project itself or by community researchers, third-party consultants, and services such as SOCPrime, into the DNIF native query language (DQL).
The DNIF backend converts Sigma rules into DNIF queries and is selected with the backend identifier dnif (the -t option of sigmac).
The backend configuration file defines the field mappings, value mappings and source mappings; see tools/config/dnif.yml.
Here is how to translate a Sigma rule for DNIF HYPERCLOUD:
tools/sigmac -t dnif -c tools/config/dnif.yml rules/network/firewall/net_firewall_high_dns_requests_rate.yml
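As an added illustration (not DNIF's backend code and not the contents of the real tools/config/dnif.yml), the following Python sketches how the logsources and fieldmappings sections of a sigmac-style configuration are applied to a Sigma rule; the rule, the configuration values and the output structure are all constructed for this example.

```python
# Constructed Sigma rule: a firewall rule with a single selection.
SIGMA_RULE = {
    "logsource": {"category": "firewall"},
    "detection": {
        "selection": {"dst_port": 53, "action": "allowed"},
        "condition": "selection",
    },
}

# Constructed backend configuration in sigmac's config layout.
# 'logsources' maps Sigma logsource keys to backend source conditions
# (source mapping); 'fieldmappings' renames Sigma fields to the names
# the target query language uses (field mapping). Values are made up.
BACKEND_CONFIG = {
    "logsources": {
        "firewall": {"category": "firewall",
                     "conditions": {"stream": "firewall-events"}},
        "dns": {"category": "dns",
                "conditions": {"stream": "dns-events"}},
    },
    "fieldmappings": {"dst_port": "dest_port", "action": "fw_action"},
}

LOGSOURCE_KEYS = ("category", "product", "service")


def resolve_logsource(rule_logsource, logsources):
    """Collect source conditions of every configured logsource whose
    category/product/service keys all match the rule's logsource."""
    conditions = {}
    for spec in logsources.values():
        keys = {k: v for k, v in spec.items() if k in LOGSOURCE_KEYS}
        if keys and all(rule_logsource.get(k) == v for k, v in keys.items()):
            conditions.update(spec.get("conditions", {}))
    return conditions


def apply_field_mappings(selection, fieldmappings):
    """Rename selection fields; unmapped fields keep their Sigma name."""
    return {fieldmappings.get(f, f): v for f, v in selection.items()}


def translate(rule, config):
    """Return a backend-neutral representation of the mapped rule.
    Handles only a condition naming a single selection (illustration)."""
    det = rule["detection"]
    selection = det[det["condition"].strip()]
    return {
        "source": resolve_logsource(rule["logsource"], config["logsources"]),
        "filters": apply_field_mappings(selection, config["fieldmappings"]),
    }
```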
Security engineering talent is hard to come across, and it is even harder to keep track of the latest threats, understand how they work, and be able to devise, test, and maintain effective detection. Projects such as Sigma help the industry at large overcome the skill shortage and maintain an edge against increasingly commercialized adversarial operations.
We are inspired by how the Sigma project enables the security community and industry to improve cyber defense capabilities by providing open access to threat detection methods. DNIF HYPERCLOUD aims to take that a step further by making security analytics more accessible, practical and economical to everyone by providing the most affordable and the most scalable security analytics and automation platform.
While most SIEM solutions claim to be able to scale hardware, operations and licenses to support ever-increasing log volumes, DNIF HYPERCLOUD turns terabyte-scale daily log ingestion into the starting line, allowing customers to eliminate log-collection blind spots.