Welcome to the official Sigma Specification repository.
Here's what you can expect from each of the main subfolders within this repo. Please take a minute to educate yourself!
Specification will contain markdown files describing the Sigma specification format in details. The appendix files provide more detailed information on certain aspects to facilitate reading and research.
-
Sigma Rules Specification - Describes what constitute a Sigma rule.
-
Sigma Correlation Specification - Describes the Sigma correlation format.
-
Sigma Filters Specification - Described the Sigma filters format.
-
Sigma Modifiers Appendix is a document that defines the different modifiers that can be used in a Sigma rule.
-
Sigma Tags Appendix is a document that defines the tags namespaces that can be used to categorize the different Sigma rules.
-
Sigma Taxonomy Appendix is a document that defines the different field names and log sources that are currently supported by SigmaHQ in order to ensure sharable rules.
Json-Schema will contain a list of JSON schemas for the following.
SigmaHQ will contain markdown files that describe rules and recommendations that are applied to the rules hosted in SigmaHQ main rule repository.
Note
The SigmaHQ folder and the files contains within are not part of the sigma specification. They are there to ensure and easier management of the rules hosted in the main rule repository
You can read more on the potential breaking changes and additional features introduced in version:
The other directories are only there for operational purposes.
media: logo for the readme filetest: files for workflow operations