Workshop: Detection Engineering with Sigma

This workshop introduces Sigma rules and covers the following topics:

Introduction to Sigma and the rule format.
Value modifiers and conditions.
Good practices for writing Sigma rules.
Some examples for Sigma rules.
Concepts for correlation detections.
Some examples for Sigma correlation rules.

The workshop was first presented at Hack.lu 2025 in Luxembourg.

Usage

The PDF contained in this repository contains the slides of the workshop. All rule files are self-contained and can be copy and pasted into sigconverter.io. The file pipeline.yml contains a processing pipeline that is used to show placeholders.

Related Work

Check out the operationalization workshop for learning how Sigma can be integrated into your detection pipeline.

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
bluehammer-claude-opus-4.6		bluehammer-claude-opus-4.6
bluehammer-gpt-4o		bluehammer-gpt-4o
bluehammer-gpt-5-mini		bluehammer-gpt-5-mini
Detection Engineering with Sigma.pdf		Detection Engineering with Sigma.pdf
README.md		README.md
corr_possible_brute_force.yml		corr_possible_brute_force.yml
corr_possible_password_spray.yml		corr_possible_password_spray.yml
corr_suspicious_sequence_of_events.yml		corr_suspicious_sequence_of_events.yml
pipeline.yml		pipeline.yml
process_creation_win_possible_prt_token_theft.yml		process_creation_win_possible_prt_token_theft.yml
test.yml		test.yml
win_security_failed_logon.yml		win_security_failed_logon.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Workshop: Detection Engineering with Sigma

Usage

Related Work

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

Workshop: Detection Engineering with Sigma

Usage

Related Work

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Packages