MODULE 17
Sigma Rules
Writing generic detection rules that work across Splunk, ELK, and QRadar.
Sigma Rule Format
Sigma is a generic, vendor-neutral signature format for SIEM systems: a detection is written once as YAML and then converted into the query language of each backend (Splunk, ELK, QRadar), so the same logic can be shared and reviewed without rewriting it per product.
title: Suspicious PowerShell Execution
logsource:                  # added: Sigma needs a logsource so converters know which log/index and field names to target
    product: windows
    category: ps_script     # PowerShell Script Block Logging (EventID 4104)
detection:
    selection:
        EventID: 4104
        ScriptBlockText|contains: '-enc'   # '|contains' is a case-insensitive substring match on the logged script block
    condition: selection    # alert when every selector in 'selection' holds
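To show how the selection above is evaluated and how it is rendered for one backend, here is an added Python example (not code from this course or from the Sigma project). It assumes the rule is held as a dict, handles only the `condition: selection` form and four string modifiers, and runs over constructed sample events.

```python
# Added example, not code from the page or the Sigma project: a minimal
# evaluator for the rule above plus a Splunk rendering of its selection.
# Only the 'condition: selection' form is handled; modifiers are a subset.

# The page's rule as a Python dict (constructed here to avoid a YAML dependency).
RULE = {
    "title": "Suspicious PowerShell Execution",
    "detection": {
        "selection": {"EventID": 4104, "ScriptBlockText|contains": "-enc"},
        "condition": "selection",
    },
}

def _split(key):
    """'Field|modifier' -> ('Field', 'modifier'); a bare key means exact match."""
    field, _, mod = key.partition("|")
    return field, mod or "equals"

def _test(mod, actual, expected):
    """Sigma string matching is case-insensitive, so compare lower-cased."""
    a, e = str(actual).lower(), str(expected).lower()
    return {"equals": a == e, "contains": e in a,
            "startswith": a.startswith(e), "endswith": a.endswith(e)}[mod]

def matches(rule, event):
    """All selectors in 'selection' must hold (a map is an AND in Sigma)."""
    for key, expected in rule["detection"]["selection"].items():
        field, mod = _split(key)
        if field not in event or not _test(mod, event[field], expected):
            return False
    return True

def to_splunk(rule):
    """Render the selection as SPL; wildcards express the string modifiers."""
    wild = {"equals": "{v}", "contains": "*{v}*", "startswith": "{v}*", "endswith": "*{v}"}
    terms = []
    for key, value in rule["detection"]["selection"].items():
        field, mod = _split(key)
        terms.append(f'{field}="{wild[mod].format(v=value)}"')
    return " ".join(terms)

# Constructed sample events: one encoded-command script block, two that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText": "powershell.exe -EnC <base64 blob>"},
    {"EventID": 4104, "ScriptBlockText": "Get-Process | Sort-Object CPU"},
    {"EventID": 4103, "ScriptBlockText": "powershell.exe -enc <base64 blob>"},
]

if __name__ == "__main__":
    print(to_splunk(RULE), [matches(RULE, e) for e in SAMPLE_EVENTS])
```

The third event shows why the EventID selector matters: the same text in a different event type is not a Script Block Logging hit and must not match.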