Sigma Rules & Converter
uberAgent ESA ships with Threat Detection rules derived from Sigma signatures. These rules are grouped by severity: critical, high, medium, and low.
By their nature, Sigma rules are pretty dynamic and may change quickly. Our Sigma rule coverage explorer web app lets you browse and explore which Sigma rules are supported in which uberAgent version - and why. See below for instructions on how to convert Sigma rules yourself with our Sigma converter.
Sigma Rules
Following is an excerpt of some Sigma rules that ship with uberAgent ESA:
- Detect Ryuk ransomware command lines
- Detect DNS tunnel activity for Muddywater actor
- Detect a suspicious PowerShell command-line combination as used by APT29 in a campaign against US think tanks
- Detect Russian group activity as described in Global Threat Report 2019 by Crowdstrike
- Detect a suspicious DLL loading from AppData\Local as described in BlueMashroom report
- Detect Chafer activity attributed to OilRig as reported in Nyotron report in March 2018
- Detect CrackMapExecWin activity as described by NCSC
- Detect Elise backdoor activity as used by APT32
- Detect the execution of DLL side-loading malware used by threat group Emissary Panda aka APT27
- Detect a specific tool and export used by EquationGroup
- Detects Golden Chickens deployment method as used by Evilnum in a report published in July 2020
- Detect tools and process executions as observed in a Greenbug campaign in May 2020
- Detect Judgement Panda activity as described in Global Threat Report 2019 by Crowdstrike
- Detect registry modifications performed by Ke3chang malware in campaigns running in 2019 and 2020
- Detects Trojan loader activity as used by APT28
- ...and hundreds more
Not all Sigma rules are enabled by default.
Sigma Converter
vast limits maintains a Sigma to uberAgent rule converter as part of the Sigma project. The converter is implemented as a Sigma backend. Please see the header of uberAgent’s Sigma rule files for instructions on how to invoke the conversion.
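To make concrete what a Sigma backend does, the following added example (written for this page, not code from vast limits, uberAgent or the Sigma project) takes a parsed Sigma rule in the standard layout (title, level, logsource, detection with named searches and a condition) and renders the detection logic into a query string, carrying the rule's level over into the four severity buckets named above. The target syntax (Field op "value" joined with and/or/not) is a hypothetical grammar chosen for illustration and is not uberAgent's rule format; the sample rule, its field values and the service-account name are constructed. A real backend additionally handles keyword lists, wildcards, "1 of selection*" quantifiers and aggregations, which this one rejects with an error rather than silently mistranslating.

```python
import re

# Constructed sample rule in the standard Sigma layout; the dict is what
# yaml.safe_load would return for the rule's YAML text.
SAMPLE_RULE = {
    "title": "Suspicious PowerShell download cradle (constructed example)",
    "level": "high",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "DownloadFile"],
        },
        # Exclusion for a known service account (constructed name)
        "filter_known_script": {"User": "svc_inventory"},
        "condition": "selection and not filter_known_script",
    },
}

# Sigma value modifiers this toy backend understands; "" means no modifier.
OPERATORS = {"": "==", "contains": "contains",
             "startswith": "startswith", "endswith": "endswith"}
SEVERITIES = ("critical", "high", "medium", "low")


def quote(value):
    # Literal for the hypothetical target syntax: backslash and quote escaped.
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'"{text}"'


def render_field(key, value):
    # "Field|modifier": value(s) -> one term; a value list is OR-ed (Sigma semantics).
    field, _, modifier = key.partition("|")
    if modifier not in OPERATORS:
        raise ValueError(f"unsupported Sigma modifier {modifier!r} in {key!r}")
    values = value if isinstance(value, list) else [value]
    terms = [f"{field} {OPERATORS[modifier]} {quote(v)}" for v in values]
    return terms[0] if len(terms) == 1 else "(" + " or ".join(terms) + ")"


def render_search(search):
    # A map is AND-ed over its fields; a list of maps is OR-ed (Sigma semantics).
    if isinstance(search, dict):
        terms = [render_field(k, v) for k, v in search.items()]
        return terms[0] if len(terms) == 1 else "(" + " and ".join(terms) + ")"
    if isinstance(search, list) and all(isinstance(s, dict) for s in search):
        return "(" + " or ".join(render_search(s) for s in search) + ")"
    raise TypeError("keyword lists and other search forms are out of scope here")


TOKEN = re.compile(r"\s*(\(|\)|\band\b|\bor\b|\bnot\b|[A-Za-z_][A-Za-z0-9_]*)")


def tokenize(condition):
    # Split a Sigma condition; quantifiers ("1 of x*") and aggregations are rejected.
    pos, tokens, condition = 0, [], condition.strip()
    while pos < len(condition):
        match = TOKEN.match(condition, pos)
        if not match:
            raise ValueError(f"cannot tokenize condition at: {condition[pos:]!r}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


class ConditionParser:
    # expr := term ('or' term)* ; term := factor ('and' factor)* ;
    # factor := 'not' factor | '(' expr ')' | identifier (a rendered search)
    def __init__(self, tokens, searches):
        self.tokens, self.pos, self.searches = tokens, 0, searches

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        if self.pos >= len(self.tokens):
            raise ValueError("unexpected end of condition")
        self.pos += 1
        return self.tokens[self.pos - 1]

    def expr(self):
        left = self.term()
        while self.peek() == "or":
            self.take()
            left = f"({left} or {self.term()})"
        return left

    def term(self):
        left = self.factor()
        while self.peek() == "and":
            self.take()
            left = f"({left} and {self.factor()})"
        return left

    def factor(self):
        tok = self.take()
        if tok == "not":
            return f"not {self.factor()}"
        if tok == "(":
            inner = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')' in condition")
            return inner
        if tok not in self.searches:
            raise KeyError(f"condition references unknown search {tok!r}")
        return self.searches[tok]


def render_condition(condition, searches):
    parser = ConditionParser(tokenize(condition), searches)
    query = parser.expr()
    if parser.peek() is not None:
        raise ValueError(f"trailing token {parser.peek()!r} in condition")
    return query


def convert_rule(rule):
    # Backend entry point: rule dict -> {title, severity, logsource, query}.
    detection = dict(rule["detection"])
    condition = detection.pop("condition")
    searches = {name: render_search(s) for name, s in detection.items()}
    level = rule.get("level", "low")
    # Assumption: levels outside the four buckets (e.g. Sigma's
    # "informational") are filed under "low".
    severity = level if level in SEVERITIES else "low"
    return {"title": rule["title"], "severity": severity,
            "logsource": rule["logsource"],
            "query": render_condition(condition, searches)}


if __name__ == "__main__":
    for key, val in convert_rule(SAMPLE_RULE).items():
        print(f"{key}: {val}")
```

The two things worth noticing are the Sigma semantics the backend must preserve (a map AND-s its fields, a value list OR-s its values, a list of maps OR-s the maps) and the fact that the condition is a small expression language that needs a real parser rather than string substitution, otherwise a rule such as "(a or b) and not c" converts to something that fires on the wrong events.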
This Preview product documentation is Citrix Confidential.