Can I use this for multi-cloud environments?

Yes, it provides architectures for AWS Security Lake, Azure-native Sentinel integrations, and platform-agnostic setups using tools like Fluentd, Logstash, and Filebeat.

How does this help with regulatory compliance?

It includes specific retention policy templates and storage tiering strategies designed to meet the audit trail requirements of GDPR, HIPAA, PCI DSS, and SOC 2.

What is the advantage of using SIGMA rules with this skill?

SIGMA allows you to write detection logic in a universal YAML format which this skill then helps you compile into platform-specific queries for Elastic, Splunk, or Kusto (Sentinel).

Which SIEM platforms does this skill support?

The skill provides guidance and implementation patterns for major industry platforms including Elastic SIEM, Microsoft Sentinel, Splunk Enterprise Security, and the open-source Wazuh XDR.

SIEM & Security Logging

Name: SIEM & Security Logging
Author: ancoleman

byancoleman

•

158

セキュリティとテスト

Configures centralized security information and event management systems for threat detection, compliance auditing, and log aggregation.

概要

SIEM & Security Logging provides a comprehensive framework for designing and implementing robust security monitoring infrastructure across cloud, hybrid, and on-premise environments. It guides developers and security engineers through platform selection (Elastic, Microsoft Sentinel, Wazuh, Splunk), cross-platform detection rule development using SIGMA, and multi-cloud log aggregation architectures. By utilizing this skill, teams can ensure their infrastructure meets strict regulatory compliance requirements like GDPR, SOC 2, and PCI DSS while simultaneously reducing alert fatigue through expert tuning and noise reduction strategies.

主な機能

Scalable log aggregation architecture design for multi-region and cloud-native environments
Universal threat detection rule creation using SIGMA format for cross-platform portability
Platform-specific query generation for Elastic EQL, Microsoft KQL, and Splunk SPL
Advanced alert tuning methodologies to reduce false positives and improve response times
158 GitHub stars
Compliance-ready log retention and storage tiering strategies to optimize costs

ユースケース

Implementing centralized security monitoring for multi-cloud AWS, Azure, and GCP infrastructure
Meeting regulatory audit requirements for SOC 2, HIPAA, or PCI DSS log retention
Developing custom threat detection patterns for credential access and data exfiltration

概要

主な機能

Scalable log aggregation architecture design for multi-region and cloud-native environments
Universal threat detection rule creation using SIGMA format for cross-platform portability
Platform-specific query generation for Elastic EQL, Microsoft KQL, and Splunk SPL
Advanced alert tuning methodologies to reduce false positives and improve response times
158 GitHub stars
Compliance-ready log retention and storage tiering strategies to optimize costs

ユースケース

Implementing centralized security monitoring for multi-cloud AWS, Azure, and GCP infrastructure
Meeting regulatory audit requirements for SOC 2, HIPAA, or PCI DSS log retention
Developing custom threat detection patterns for credential access and data exfiltration