Creating Effective Sigma Rules with AI
Cloud Security Podcast25 Jun 2024

Creating Effective Sigma Rules with AI

Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk.

Dave shares his journey in cyber threat intelligence, including his 15-year career with the FBI and his transition to the private sector. The conversation focuses on the innovative use of large language models (LLMs) to create Sigma rules for threat detection and the challenges faced along the way. Dave spoke about his four approaches to creating Sigma rules with AI, ultimately highlighting the benefits of prompt chaining and Retrieval Augmented Generation (RAG) systems.


Guest Socials: ⁠Dave's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(01:44) A word for our episode sponsor, Panoptica

(02:39) A bit about Dave Johnson

(03:33) What are Sigma Rules?

(04:36) Where to get started with Sigma Rules?

(05:27) Skills required to work with Sigma Rules

(06:32) The four approaches Dave took to Sigma Rules

(11:29) Are Sigma Rules complimentary to existing log systems?

(12:18) Challenges Dave had during his research

(14:09) Validating Sigma Rules

(16:01) Working on Sigma Rule Projects

(18:54) The Fun Section


Resources spoken about during the episode:

Dave's Website

SigmaHQ GitHub

Episoder(345)

CSO Hall of Fame - 21 yrs in Cybersecurity: Challenges THEN & NOW

CSO Hall of Fame - 21 yrs in Cybersecurity: Challenges THEN & NOW

In this Mid Week special episode of the CISO Perspective edition, we spoke with Andy Ellis (@csoandy) is the Operating Partner at YL Ventures (@YLVentures) and the ex-CISO of Akamai (@Akamai). Episode...

10 Jun 202142min

Finding and Fixing SECURITY BUGS IN GOOGLE CLOUD - Dylan Ayrey

Finding and Fixing SECURITY BUGS IN GOOGLE CLOUD - Dylan Ayrey

In this episode of the Virtual Coffee with Ashish edition, we spoke with Dylan Ayrey (@insecurenature) is a Professional Hacker and Co-Founder of Truffle Security (@TruffleSecurity-Linkedin) Episode S...

6 Jun 20211h 1min

Attacking and Defending Managed Kubernetes Clusters - Brad Geesaman

Attacking and Defending Managed Kubernetes Clusters - Brad Geesaman

In this episode of the Virtual Coffee with Ashish edition, we spoke with Brad Geesaman (@bradgeesaman) is a Senior Cloud Native and Kubernetes Security Professional and the Co- Founder of Darkbit (@Da...

30 Mai 202159min

Kubernetes Runtime Threat Detection and Response - Falco, Sysdig

Kubernetes Runtime Threat Detection and Response - Falco, Sysdig

In this episode of the Virtual Coffee with Ashish edition, we spoke with Dan “POP“ Papandrea (@danpopnyc) is the CNCF Ambassador, Director of Open Source Community and Ecosystem (@sysdig) and Podcast ...

23 Mai 202152min

Study Hall - Attacking K8S Cluster Defaults!

Study Hall - Attacking K8S Cluster Defaults!

In this Study Hall - Ashish goes through Kubernetes Components to start understanding the Kubernetes Architecture READ the Multi-part Medium Article here - Ultimate Guide to Kubernetes Security For...

20 Mai 202125min

Start here for Kubernetes Security - Magno Logan

Start here for Kubernetes Security - Magno Logan

In this episode of the Virtual Coffee with Ashish edition, we spoke with Magno Logan (@MagnoLogan) is the Security Researcher, Trend Micro(@TrendMicro) Episode ShowNotes, Links and Transcript on Cloud...

16 Mai 202158min

Study Hall - Kubernetes Concepts and Architecture Explained!

Study Hall - Kubernetes Concepts and Architecture Explained!

In this Study Hall - Ashish goes through Kubernetes Components to start understanding the Kubernetes Architecture READ the Multi-part Medium Article here - Ultimate Guide to Kubernetes Security For ...

12 Mai 202119min

Risk Analysis of Kubernetes Security - Mark Manning, Snowflake

Risk Analysis of Kubernetes Security - Mark Manning, Snowflake

In this episode of the Virtual Coffee with Ashish edition, we spoke with Mark Manning (@antitree) is the Principal Security Architect at Snowflake(@SnowflakeDB). Before this he used to run Kubernetes ...

9 Mai 202149min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
energi-og-klima
teknisk-sett
tomprat-med-gunnar-tjomlid
elektropodden
nasjonal-sikkerhetsmyndighet-nsm
fornybaren
rss-impressions-2
shifter
teknologi-og-mennesker
rss-polypod
pedagogisk-intelligens
rss-ai-forklart
smart-forklart
rss-ki-praten
i-loopen
rss-digitaliseringspadden
rss-alt-vi-kan
rss-forenklingspodden