Use sigma rules in Azure Sentinel

Azure, Azure Sentinel | 03/03/2020

If you have worked with the sigma specification or tools that implement it in the past, you probably want to continue using your sigma rules. For anyone who is new to Azure Sentinel, sigma rules are a great way to learn about signature rules and specifications that practically all modern SIEM systems support. We will convert existing sigma rules to Log Analytics queries (KQL) that are usable in Azure Sentinel and apply them to our Azure Sentinel workspace.
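To make the idea of a sigma-to-KQL conversion concrete, here is a small added example (not code from this post and not the output of any sigma converter tool) that turns the detection section of a rule into a `where` clause. The sample rule, the `SecurityEvent` target table and the field mapping are assumptions chosen for illustration, and only string values, single modifiers and `and`/`or`/`not` conditions are handled.

```python
import re

# Constructed sample rule, shaped as yaml.safe_load() would return a sigma rule file.
RULE = {
    "title": "Office application starts a script host (constructed sample)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe"],
            "Image|endswith": "\\wscript.exe",
        },
        "filter": {"CommandLine|contains": "\\Templates\\"},
        "condition": "selection and not filter",
    },
}

# Assumption: process-creation events are queried from the SecurityEvent table.
FIELD_MAP = {"Image": "NewProcessName", "ParentImage": "ParentProcessName"}
# Sigma compares strings case-insensitively, so use KQL's case-insensitive operators.
OPERATORS = {"": "=~", "contains": "contains", "startswith": "startswith", "endswith": "endswith"}

def kql_literal(value):
    # Quote a string for KQL, escaping backslashes and double quotes.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def selection_to_kql(selection):
    """AND the fields of one selection; OR the values listed for a field."""
    clauses = []
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        if modifier not in OPERATORS:
            raise ValueError(f"unsupported modifier: {modifier}")
        column = FIELD_MAP.get(field, field)
        values = values if isinstance(values, list) else [values]
        terms = [f"{column} {OPERATORS[modifier]} {kql_literal(v)}" for v in values]
        clauses.append("(" + " or ".join(terms) + ")")
    return "(" + " and ".join(clauses) + ")"

def sigma_to_kql(rule, table="SecurityEvent"):
    detection = dict(rule["detection"])
    condition = detection.pop("condition")
    parts, prev = [], None
    for token in re.findall(r"[()]|[^\s()]+", condition):
        if token in detection:
            token = selection_to_kql(detection[token])
        elif token not in ("and", "or", "not", "(", ")"):
            raise ValueError(f"unsupported condition token: {token}")  # e.g. "1 of them"
        parts.append(token if prev == "not" else " " + token)  # KQL spells it not(...)
        prev = token
    return f"{table}\n| where" + "".join(parts)
```
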

This post is a part of our Azure Sentinel series. The following posts are also part of this series: