Sim 15: Sigma Rule Builder

Templates:

Title

Description

Status

Severity Level

Log Source — Category

Log Source — Product

Detection — Selection (YAML key: value pairs)

Detection — Filter (optional, negate with 'not filter')

Condition

False Positives (one per line)

ATT&CK Tags (comma-separated)

Author

Sigma Generic Format v1.0

Detection Field Reference

Modifier Reference

Condition Syntax

selection — match all
1 of selection* — any named
all of them — all selections
selection and not filter
selection1 or selection2
selection | count() > 5

Sigma Rule Builder — Interactive Detection Rule Composer

Detection Field Reference

Modifier Reference

Condition Syntax