Join us

FAUN.dev() is where engineers from GitHub, Netflix, and Shopify go to stay ahead — fast.

An effortless, straightforward way to keep up with technologies...so you can keep your tabs closed and your mind open!
70,000+ developers already joined our ecosystem ⭐⭐⭐⭐⭐
Trusted by engineers at:
Google Microsoft AWS Netflix

A guide to cyber threat hunting with Promtail, Grafana Loki, Sigma, and Grafana Cloud

@faun ・ May 01,2023

A guide to cyber threat hunting with Promtail, Grafana Loki, Sigma, and Grafana Cloud
The Security Operations team at Grafana Labs has developed a pySigma Grafana Loki backend that can help security teams identify suspicious or malicious activity in log files. They use the Sigma project , which is a generic structured format for sharing methods for identifying such activity in log files.

The pySigma Grafana Loki backend can take the Sigma rules you are interested in searching for and produce a LogQL query that you can use to find interesting or suspicious activity on your infrastructure and services.

The blog explains how to generate log data using Sysmon , collect the data with Promtail , store the data in Loki, and use Sigma rules to query for them in Grafana Cloud. The blog also shows how Sigma rules can be used with Grafana Alerting to notify you when they are triggered.

Let's keep in touch!

Stay updated with my latest posts and news. I share insights, updates, and exclusive content.

Unsubscribe anytime. By subscribing, you share your email with @faun and accept our Terms & Privacy.

Give a Pawfive to this post!

Only registered users can post comments. Please, login or signup.

Share with your friends and followers

Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.

Join other developers and claim your FAUN.dev() account now!

Publish your first story!

FAUN.dev() is where engineers from GitHub, Netflix, and Shopify go to stay ahead — fast.

An effortless, straightforward way to keep up with technologies...so you can keep your tabs closed and your mind open!
70,000+ developers already joined our ecosystem ⭐⭐⭐⭐⭐
Trusted by engineers at:
Google Microsoft AWS Netflix
Avatar

The FAUN

FAUN.dev()

@faun
The FAUN watches over the forest of developers. It roams between Kubernetes clusters, code caves, AI trails, and cloud canopies, gathering the signals that matter and clearing out the noise.
Developer Influence
3k

Influence

302k

Total Hits

3711

Posts

Join and showcase your work and skills