Creating Effective Sigma Rules with AI
Cloud Security Podcast25 Kesä 2024

Creating Effective Sigma Rules with AI

Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk.

Dave shares his journey in cyber threat intelligence, including his 15-year career with the FBI and his transition to the private sector. The conversation focuses on the innovative use of large language models (LLMs) to create Sigma rules for threat detection and the challenges faced along the way. Dave spoke about his four approaches to creating Sigma rules with AI, ultimately highlighting the benefits of prompt chaining and Retrieval Augmented Generation (RAG) systems.


Guest Socials: ⁠Dave's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(01:44) A word for our episode sponsor, Panoptica

(02:39) A bit about Dave Johnson

(03:33) What are Sigma Rules?

(04:36) Where to get started with Sigma Rules?

(05:27) Skills required to work with Sigma Rules

(06:32) The four approaches Dave took to Sigma Rules

(11:29) Are Sigma Rules complimentary to existing log systems?

(12:18) Challenges Dave had during his research

(14:09) Validating Sigma Rules

(16:01) Working on Sigma Rule Projects

(18:54) The Fun Section


Resources spoken about during the episode:

Dave's Website

SigmaHQ GitHub

Jaksot(345)

Security and Compliance in AWS Cloud

Security and Compliance in AWS Cloud

In this episode of the Virtual Coffee with Ashish edition for Cloud Security Podcast, we spoke with Alexander J Yawn - ISC2 Miami Board Member | NABCRMP Founding Board Member Host: Ashish Rajan - Tw...

20 Syys 20201h 1min

Identity & Cross Account Access Management in AWS | CLOUD SECURITY - Alexandre Sieira

Identity & Cross Account Access Management in AWS | CLOUD SECURITY - Alexandre Sieira

In this episode of the Virtual Coffee with Ashish edition, we spoke with Alexandre Sieira - Founder @ Tenchi Security Host: Ashish Rajan - Twitter @hashishrajan Guest: Alexandre Sieira - Twitter @A...

13 Syys 20201h 17min

WHAT IS AZURE IDENTITY MANAGEMENT | CLOUD SECURITY

WHAT IS AZURE IDENTITY MANAGEMENT | CLOUD SECURITY

In this episode of the Virtual Coffee with Ashish edition, we spoke with David O’Brien, MVP Azure , Argos Founder Host: Ashish Rajan - Twitter @hashishrajan Guest: David O'Brien - Twitter @david_ob...

6 Syys 202049min

CLOUD SECURITY POSTURE MANAGEMENT - CSPM - GAURAV KUMAR

CLOUD SECURITY POSTURE MANAGEMENT - CSPM - GAURAV KUMAR

In this episode of the Virtual Coffee with Ashish edition, we spoke with Gaurav Kumar, co-founder of RedLock (now part of Palo Alto Prisma Cloud). Host: Ashish Rajan - Twitter @hashishrajan Guest: ...

30 Elo 202055min

HOW TO BUILD SECURE ENVIRONMENTS IN Google Cloud - DARPAN SHAH

HOW TO BUILD SECURE ENVIRONMENTS IN Google Cloud - DARPAN SHAH

In this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Googl...

23 Elo 202057min

HOW TO BUILD SECURE ENVIRONMENTS IN MICROSOFT AZURE - NICHOLAS HUGHES

HOW TO BUILD SECURE ENVIRONMENTS IN MICROSOFT AZURE - NICHOLAS HUGHES

In this episode of the Virtual Coffee with Ashish edition, we spoke with Nicholas Hughes, CEO of EITR Technologies. Host: Ashish Rajan - Twitter @hashishrajan Guest: Nicholas Hughes - Linkedin In...

16 Elo 202053min

HOW TO CREATE AN EFFECTIVE CYBER SECURITY TEAM - CLINT GIBLER

HOW TO CREATE AN EFFECTIVE CYBER SECURITY TEAM - CLINT GIBLER

In this episode of the Virtual Coffee with Ashish edition, we spoke with Clint Gibler Host: Ashish Rajan - Twitter @hashishrajan Guest: Clint Gibler - Linkedin In this episode, Clint & Ashish spok...

9 Elo 202049min

Application Security AppSec 101 - Tanya Janca

Application Security AppSec 101 - Tanya Janca

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca, Founder, SheHacksPurple & WeHackPurple. Host: Ashish Rajan - Twitter @hashishrajan Guest: Tanya Janca - Linkedi...

2 Elo 20201h 6min