Generic detection rule creation and management using Sigma, the universal SIEM rule format. Sigma provides vendor-agnostic detection logic for log analysis across multiple SIEM platforms. Use when: (1) Creating detection rules for security monitoring, (2) Converting rules between SIEM platforms (Splunk, Elastic, QRadar, Sentinel), (3) Threat hunting with standardized detection patterns, (4) Building detection-as-code pipelines, (5) Mapping detections to MITRE ATT&CK tactics, (6) Implementing compliance-based monitoring rules.
This skill inherits all available tools. When active, it can use any tool Claude has access to.

Additional assets for this skill:
assets/compliance-rules/iso27001-logging.yml
assets/compliance-rules/nist-800-53-audit.yml
assets/compliance-rules/pci-dss-monitoring.yml
assets/rule-templates/credential-access.yml
assets/rule-templates/lateral-movement.yml
assets/rule-templates/persistence.yml
assets/rule-templates/privilege-escalation.yml
references/backend-support.md
references/compliance-mappings.md
references/field-modifiers.md
references/log-source-guide.md
references/mitre-attack-mapping.md