Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Sigma Rule

Training Camp • Cybersecurity Glossary

What is Sigma Rule?

A Sigma rule is a generic YAML detection format for log data that converts into SIEM-specific queries, enabling portable, shareable detections.

Glossary > Security Operations > Sigma Rule

Understanding Sigma Rule

A Sigma rule is a vendor-neutral, YAML-based signature format for describing log-based detection logic that can be converted into queries for many SIEM and log platforms. Often called the "Snort of log files," Sigma lets analysts write a detection once and translate it into backend-specific searches using a converter such as sigmac or pySigma. This portability makes Sigma a common way to share threat-detection content across the security community.

Learn More About Sigma Rule:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →