Go offline with the Player FM app!
Creating Effective Sigma Rules with AI
Manage episode 425603249 series 2853525
Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk.
Dave shares his journey in cyber threat intelligence, including his 15-year career with the FBI and his transition to the private sector. The conversation focuses on the innovative use of large language models (LLMs) to create Sigma rules for threat detection and the challenges faced along the way. Dave spoke about his four approaches to creating Sigma rules with AI, ultimately highlighting the benefits of prompt chaining and Retrieval Augmented Generation (RAG) systems.
Guest Socials: Dave's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:44) A word for our episode sponsor, Panoptica
(02:39) A bit about Dave Johnson
(03:33) What are Sigma Rules?
(04:36) Where to get started with Sigma Rules?
(05:27) Skills required to work with Sigma Rules
(06:32) The four approaches Dave took to Sigma Rules
(11:29) Are Sigma Rules complimentary to existing log systems?
(12:18) Challenges Dave had during his research
(14:09) Validating Sigma Rules
(16:01) Working on Sigma Rule Projects
(18:54) The Fun Section
Resources spoken about during the episode:
267 episodes
Manage episode 425603249 series 2853525
Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk.
Dave shares his journey in cyber threat intelligence, including his 15-year career with the FBI and his transition to the private sector. The conversation focuses on the innovative use of large language models (LLMs) to create Sigma rules for threat detection and the challenges faced along the way. Dave spoke about his four approaches to creating Sigma rules with AI, ultimately highlighting the benefits of prompt chaining and Retrieval Augmented Generation (RAG) systems.
Guest Socials: Dave's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:44) A word for our episode sponsor, Panoptica
(02:39) A bit about Dave Johnson
(03:33) What are Sigma Rules?
(04:36) Where to get started with Sigma Rules?
(05:27) Skills required to work with Sigma Rules
(06:32) The four approaches Dave took to Sigma Rules
(11:29) Are Sigma Rules complimentary to existing log systems?
(12:18) Challenges Dave had during his research
(14:09) Validating Sigma Rules
(16:01) Working on Sigma Rule Projects
(18:54) The Fun Section
Resources spoken about during the episode:
267 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.