Skip to content

Latest commit

 

History

History
43 lines (29 loc) · 3.43 KB

README.md

File metadata and controls

43 lines (29 loc) · 3.43 KB

AIP To Sigma

Description

This project contains rules from F5 Distributed Cloud App Infrastructure Protection (AIP) in the Sigma format. Sigma is a "Generic Signature Format for SIEM Systems" and could best be summed up as "Sigma is for log files what Snort is for network traffic and YARA is for files".

Since AIP reached End-Of-Sale in June 2023 and will reach End-Of-Life in June 2024 the AIP Detection Engineering Team decided to create Sigma version of as many of our rules as possible so customers can take advantage of our rules in other products after June 2024. If any changes are made to existing rules in the AIP product or if new rules are created those changes will be pushed to this project shortly after.

These rules are provided "as is" though every effort has been made to make them align as closely as possible with the AIP version of the rule. Field names have been changed to align with the Sigma specification and not every AIP rule will have a Sigma version. There is likely going to be overlap with the base Sigma rules.

Usage

Rules can be converted into queries using the following tools:

If you would like to look up the AIP version of a rule the id field matches up with the Rule ID in the AIP platform if you are subscribed to Managed Rules.

Support

While each rule has been run through the Sigma CLI in order to check for syntax errors please open up an Issue if you discover a syntax error.

If you are an AIP customer and have any questions about this project please reach out to your PSE or the AIP SOC.

Coverage and Roadmap

As of December 18th, 2023 we have converted 82% of the rules in the AIP Platform with 298 out of 363 converted. Of the remaining 65 rules: 45 cannot be converted, 4 are covered by other rules, and 16 require additional work. Updates will be made to the repo as we complete work on the remaining 16 rules.

Contributing

At this time we are not accepting pull requests.

Maintainers

Ethan Hansen Levi Smith Bria Atchley

Acknowledgments

The original Sigma project was developed by Florian Roth and Thomas Patzke.

License

The content of this repository is released under the following licenses:

Copies of these licenses are included in this repo.