Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A Sigma rule is a generic YAML detection format for log data that converts into SIEM-specific queries, enabling portable, shareable detections.
Sigma Rule Definition: A Sigma rule is a generic YAML detection format for log data that converts into SIEM-specific queries, enabling portable, shareable detections.
A Sigma rule is a vendor-neutral, YAML-based signature format for describing log-based detection logic that can be converted into queries for many SIEM and log platforms. Often called the "Snort of log files," Sigma lets analysts write a detection once and translate it into backend-specific searches using a converter such as sigmac or pySigma. This portability makes Sigma a common way to share threat-detection content across the security community.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →