Can I use these rules in my SIEM immediately?

The skill generates the 'detection' and 'logsource' portions in standard YAML format, which can be used with Sigma converters to target platforms like Splunk, ELK, or Microsoft Sentinel.

What log sources are supported by these Sigma rules?

The skill focuses on host-based detections, specifically targeting Windows Security, System, and Application logs, as well as Sysmon and PowerShell execution logs.

Does this skill require manual formatting of the input news?

No, you can provide raw security news publications or report text, and the skill will identify the relevant TTPs for extraction.

Are the generated rules mapped to security frameworks?

Yes, the Sigma rules include relevant metadata such as MITRE ATT&CK tags and descriptions to ensure they fit into standard security operations workflows.

Sigma Rule Generator

Name: Sigma Rule Generator
Author: bdmorin

bybdmorin

•

安全与测试

Translates security news publications into actionable YAML-based Sigma detection rules for SIEM and host-based monitoring.

This skill functions as an expert cybersecurity detection engineer, streamlining the process of turning threat intelligence into active defense. By analyzing security news and technical reports, it extracts Tactics, Techniques, and Procedures (TTPs) and automatically formats them into structured Sigma rules. It specifically focuses on host-based detections for Windows environments, Sysmon, and PowerShell, providing security teams with ready-to-use YAML configurations to identify malicious activity within their infrastructure.

主要功能

01Generates standard YAML Sigma rules for SIEM integration

021 GitHub stars

03Provides well-documented detection logic and false positive guidance

04Maps detections to MITRE ATT&CK framework tags

05Optimized for Sysmon, PowerShell, and Windows Event Logs

06Automated extraction of TTPs from unstructured security news

使用场景

01Converting a new ransomware analysis blog post into immediate SIEM detection logic

02Standardizing threat intelligence feeds into a consistent detection-as-code format

03Drafting PowerShell execution alerts based on incident response findings

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bdmorin/the-no-shop create-sigma-rules

For use in Claude.ai and ChatGPT

主要功能

01Generates standard YAML Sigma rules for SIEM integration

021 GitHub stars

03Provides well-documented detection logic and false positive guidance

04Maps detections to MITRE ATT&CK framework tags

05Optimized for Sysmon, PowerShell, and Windows Event Logs

06Automated extraction of TTPs from unstructured security news

使用场景

01Converting a new ransomware analysis blog post into immediate SIEM detection logic

02Standardizing threat intelligence feeds into a consistent detection-as-code format

03Drafting PowerShell execution alerts based on incident response findings

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bdmorin/the-no-shop create-sigma-rules

For use in Claude.ai and ChatGPT