The Security Operations team at Grafana Labs has developed a pySigma Grafana Loki backend that can help security teams identify suspicious or malicious activity in log files. They use the Sigma project , which is a generic structured format for sharing methods for identifying such activity in log files.
The pySigma Grafana Loki backend can take the Sigma rules you are interested in searching for and produce a LogQL query that you can use to find interesting or suspicious activity on your infrastructure and services.
The blog explains how to generate log data using Sysmon , collect the data with Promtail , store the data in Loki, and use Sigma rules to query for them in Grafana Cloud. The blog also shows how Sigma rules can be used with Grafana Alerting to notify you when they are triggered.
Share with your friends and followers
Start blogging about your favorite technologies, reach more readers and earn rewards!
Join other developers and claim your FAUN account now!
Only registered users can post comments. Please, login or signup.