{"id":15075,"date":"2022-12-05T17:28:15","date_gmt":"2022-12-05T16:28:15","guid":{"rendered":"https:\/\/www.nextron-systems.com\/?p=15075"},"modified":"2024-04-12T16:33:26","modified_gmt":"2024-04-12T14:33:26","slug":"sigma-rule-feed-in-valhalla","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/","title":{"rendered":"Sigma Rule Feed in Valhalla"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.19.1″ _module_preset=”default” da_disable_devices=”off|off|off” global_colors_info=”{}” da_is_popup=”off” da_exit_intent=”off” da_has_close=”on” da_alt_close=”off” da_dark_close=”off” da_not_modal=”on” da_is_singular=”off” da_with_loader=”off” da_has_shadow=”on”][et_pb_row _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

Nextron Systems has always supported the Sigma project, investing hundreds of work hours into creating and maintaining the community rules shared in the <\/span>public Sigma rule repository<\/span><\/a>. Apart from the community support, we’ve created a set of internal detection rules for our products,\u00a0<\/span>THOR<\/span><\/a>\u00a0and\u00a0<\/span>Aurora<\/span><\/a>, that we kept confidential for various reasons and didn’t share publicly.<\/span><\/p>\n

Today we are glad to announce that we’ve started feeding these rules into the Valhalla service.<\/span><\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-05-at-13.17.57.png” title_text=”Screenshot 2022-12-05 at 13.17.57″ url=”https:\/\/valhalla.nextron-systems.com\/” _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”2_5″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

Similarly to the YARA feed, we’ve integrated all types of Sigma rules, publicly shared and private rules.<\/p>\n

Using the “demo” API key, you can retrieve all public rules in a structured form from Valhalla.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-05-at-16.42.31.png” title_text=”Screenshot 2022-12-05 at 16.42.31″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

The private Sigma rule feed contains 190 Sigma rules at the date of this blog post and is expected to grow by 600 rules every year. The following table from the front page of the Valhalla web service shows the different categories and the number of rules per category.<\/p>\n

[\/et_pb_text][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-05-at-16.46.48.png” title_text=”Screenshot 2022-12-05 at 16.46.48″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”2_5″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

The Sigma rules can be retrieved in plain text or JSON format.<\/p>\n

The JSON format allows users to filter or select based on certain values without parsing the rules, e.g., “only select rules that have been modified in the last 7 days”.\u00a0<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-05-at-17.00.09.png” title_text=”Screenshot 2022-12-05 at 17.00.09″ _builder_version=”4.19.1″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.19.2″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.19.2″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.19.2″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

Getting started<\/h3>\n

We offer the Sigma feed subscription independently of the YARA rule subscription at a much lower price. If you’re interested, please get in touch with your sales representative for pricing information or fill out this form<\/a>.<\/p>\n

 <\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

Nextron Systems has always supported the Sigma project, investing hundreds of work hours into creating and maintaining the community rules shared in the public Sigma rule repository. Apart from the community support, we’ve created a set of internal detection rules for our products,\u00a0THOR\u00a0and\u00a0Aurora, that we kept confidential for various reasons and didn’t share publicly. Today we are glad to announce that we’ve started feeding these rules into the Valhalla service.Similarly to the YARA feed, we’ve integrated all types of Sigma rules, publicly shared and private rules. Using the “demo” API key, you can retrieve all public rules in a structured form from Valhalla.The private Sigma rule feed contains 190 Sigma rules at the date of this blog post and is expected to grow by 600 rules every year. The following table from the front page of the Valhalla web service shows the different categories and the number of rules per category.The Sigma rules can be retrieved in plain text or JSON format. The JSON format allows users to filter or select based on certain values without parsing the rules, e.g., “only select rules that have been modified in the last 7 days”.\u00a0Getting started We offer the Sigma feed subscription independently […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[749,46,549,193],"tags":[683,158,685,684,62,59,686,551],"class_list":["post-15075","post","type-post","status-publish","format-standard","hentry","category-homepage","category-newsletter","category-sigma","category-valhalla","tag-buy","tag-feed","tag-high-quality","tag-purchase","tag-rules","tag-sigma","tag-subscription","tag-valhalla"],"yoast_head":"\nSigma Rule Feed in Valhalla - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"Sigma Rule Feed in Valhalla\",\"datePublished\":\"2022-12-05T16:28:15+00:00\",\"dateModified\":\"2024-04-12T14:33:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/\"},\"wordCount\":714,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"buy\",\"feed\",\"high quality\",\"purchase\",\"Rules\",\"Sigma\",\"subscription\",\"VALHALLA\"],\"articleSection\":[\"Homepage\",\"Newsletter\",\"Sigma\",\"VALHALLA\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/\",\"name\":\"Sigma Rule Feed in Valhalla - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2022-12-05T16:28:15+00:00\",\"dateModified\":\"2024-04-12T14:33:26+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sigma Rule Feed in Valhalla - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"Sigma Rule Feed in Valhalla","datePublished":"2022-12-05T16:28:15+00:00","dateModified":"2024-04-12T14:33:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/"},"wordCount":714,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["buy","feed","high quality","purchase","Rules","Sigma","subscription","VALHALLA"],"articleSection":["Homepage","Newsletter","Sigma","VALHALLA"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/","url":"https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/","name":"Sigma Rule Feed in Valhalla - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2022-12-05T16:28:15+00:00","dateModified":"2024-04-12T14:33:26+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2022\/12\/05\/sigma-rule-feed-in-valhalla\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/15075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=15075"}],"version-history":[{"count":9,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/15075\/revisions"}],"predecessor-version":[{"id":15098,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/15075\/revisions\/15098"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=15075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=15075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=15075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}