Creating Effective Sigma Rules with AI
Cloud Security Podcast25 Kesä 2024

Creating Effective Sigma Rules with AI

Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk.

Dave shares his journey in cyber threat intelligence, including his 15-year career with the FBI and his transition to the private sector. The conversation focuses on the innovative use of large language models (LLMs) to create Sigma rules for threat detection and the challenges faced along the way. Dave spoke about his four approaches to creating Sigma rules with AI, ultimately highlighting the benefits of prompt chaining and Retrieval Augmented Generation (RAG) systems.


Guest Socials: ⁠Dave's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(01:44) A word for our episode sponsor, Panoptica

(02:39) A bit about Dave Johnson

(03:33) What are Sigma Rules?

(04:36) Where to get started with Sigma Rules?

(05:27) Skills required to work with Sigma Rules

(06:32) The four approaches Dave took to Sigma Rules

(11:29) Are Sigma Rules complimentary to existing log systems?

(12:18) Challenges Dave had during his research

(14:09) Validating Sigma Rules

(16:01) Working on Sigma Rule Projects

(18:54) The Fun Section


Resources spoken about during the episode:

Dave's Website

SigmaHQ GitHub

Jaksot(345)

What is GOOD COMPANY CULTURE (WITH EXAMPLE ) during COVID19 with remote employees!

What is GOOD COMPANY CULTURE (WITH EXAMPLE ) during COVID19 with remote employees!

In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Graeme Cantu-Park, CISO of Matilion Host: Ashish Rajan - Twitter @hashishrajan Guest: Graeme Cantu-Park - Linkedin ...

31 Touko 202037min

What is a Connected Car | How to secure api in connected cars? - Virtual Coffee with Ashish - Alissa Knight

What is a Connected Car | How to secure api in connected cars? - Virtual Coffee with Ashish - Alissa Knight

In this episode of the Virtual Coffee with Ashish edition, we spoke with Alissa Knight, Car Hacker, Author, Cybersecurity Influencer and Entrepreneur Host: Ashish Rajan - Twitter @hashishrajan Gues...

24 Touko 20201h 3min

What is SRE? When should i have SRE? - Virtual Coffee with Ashish - Tim Heckman

What is SRE? When should i have SRE? - Virtual Coffee with Ashish - Tim Heckman

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tim Heckman, Sr. SRE Netflix. Host: Ashish Rajan - Twitter @hashishrajan Guest: Tim Heckman What is SRE? Is it helpful t...

17 Touko 202040min

NIST CyberSecurity Metrics for the Board - Taylor Hersom

NIST CyberSecurity Metrics for the Board - Taylor Hersom

In this episode of the Virtual Coffee with Ashish edition, we spoke with @Taylor Hersom about Why do CyberSecurity Professionals need to think about talking Cyber Security to the board? What kind ...

10 Touko 202057min

Virtual Coffee with Ashish - Cloud Security Podcast & Hacker Valley Studio

Virtual Coffee with Ashish - Cloud Security Podcast & Hacker Valley Studio

In this episode, we sit with Chris Cochran & Ronald Eddings from Hacker Valley Studio. Chris Cochran & Ronald Eddings from Hacker Valley Studio & Ashish spoke about How did you get into CyberSecurit...

3 Touko 20201h

Scaling a DevSecOps model | SERVERLESS SECURITY BEST PRACTICES with Abhay Bhargav , CTO , we45

Scaling a DevSecOps model | SERVERLESS SECURITY BEST PRACTICES with Abhay Bhargav , CTO , we45

In this episode, we sit with Abhay Bhargav, CTO, we45. Abhay & Ashish spoke about What is Cloud Security? Is multi-cloud a thing? What is DevSecOps? What is a good maturity in the DevSecOps sp...

26 Huhti 202041min

CORONAVIRUS & CYBERSECURITY | ISOLATION LIFE

CORONAVIRUS & CYBERSECURITY | ISOLATION LIFE

In this episode, we are covering a trending topic CORONAVIRUS OR COVID19 and how it is affecting businesses around me and my friends & colleagues. I also talk about my personal challenge with starting...

19 Huhti 202010min

How to secure and improve cloud environment - Merritt Baer, Principal Security Architect, AWS

How to secure and improve cloud environment - Merritt Baer, Principal Security Architect, AWS

In this episode, we sit with Merritt Baer, Principal Security Architect, AWS. Merritt & Ashish spoke about What is Cloud Security? What does security look like in a mature organisation? How can...

11 Huhti 202052min