Sigma Rules Integration Pack


SOC Prime Community

App Support Tiers


Support via Micro Focus Software Support, with a ticket filed against the associated product.


Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus of the Micro Focus community.


Micro Focus Community Content is provided by Micro Focus for the benefit of customers, support for it is not available via Micro Focus Software Support but through specific community content forums.


Community Contributed Content is provided by Micro Focus customers and supported by them.

SOC Prime | Community

Sigma Rules Integration Pack is a free package developed by SOC Prime for integrating Sigma rules into ArcSight ESM, Command Center and Logger for threat hunting purposes.


Sigma is a new revolutionary way to make better and faster threat detection content for SIEM! Sigma Rules Integration Pack is a free package developed by SOC Prime for integrating Sigma rules into ArcSight ESM, Command Center and Logger for threat hunting purposes. Content includes SOC-ready dashboard, SOC channel and Flex connector to enrich and pickup Sigma search results. An online Sigma UI tool including spell-check and exporter to most common SIEM platforms is free at Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is for log files what Snort is for network traffic and YARA is for files. Sigma is a private project mainly developed by Florian Roth and Thomas Patzke with feedback from many fellow analysts and friends. “Rules are our own or have been derived from blog posts, tweets or other public sources that are referenced in the rules.”

Sigma Use Cases

  • Describe your once discovered detection method in Sigma to make it shareable
  • Share the signature in the appendix of your analysis along with file hashes and C2 servers
  • Share the signature in threat intel communities - e.g. via MISP
  • Provide Sigma signatures for malicious behavior in your own application (Error messages, access violations, manipulations)
  • Integrate a new log into your SIEM and check the Sigma repository for available rules
  • Write a rule converter for your custom log analysis tool and process new Sigma rules automatically
  • Provide a free or commercial feed for Sigma signatures

Official Sigma repository:

Minimum Requirements

 CEF events generated with Sigma Rule Flex connector included in the package. 


Sigma Rules Integration Pack 1.0
342.6 KB
Mar 9, 2018
More info Less info
Product compatibility
Version 7.0
Version 6.9.1 · 6.11.0
ESM Express
Version 6.9.1
Release notes

Version 1.0  

  • Initial version. 

Similar items

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the Marketplace Terms of Service
Since you are downloading an app from the Micro Focus unified Marketplace using an Access Manager account, you need to also accept the Micro Focus Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2020-2-2-pardot-2160 | Sun Feb 23 08:42:23 PST 2020