How to hunt with Zeek using Sigma rules for your SIEM

  • Thursday, 18 Mar 2021 10:30AM EDT (18 Mar 2021 14:30 UTC)
  • Speakers: Vincent Stoffer, Alex Krik, Mark Overholser

SOC engineers who wrangle multiple log sources, build complex SIEM queries, and analyze growing volumes of data have a new tool in their arsenal. Sigma is an open and standard format for sharing security analytics, queries, and detections with the community. Corelight recently teamed up with SOC Prime to create over 75 free Sigma rules that enable Zeek-based threat hunting with network data across a variety of SIEMs. Join us to learn how these rules along with Zeek, Corelight's Threat Hunting Guide, and the MITRE ATT&CK framework can improve your threat hunting capabilities.