This room is a supplementary room for Sigma rule creation. In this scenario, you will act as one of the Detection Engineers who will craft Sigma rules based on the Indicators of Compromise (IOCs) collected by your Incident Responders.
Prerequisites
This room requires basic knowledge of detection engineering and Sigma rule creation. We recommend going through the following rooms before attempting this challenge.
SigHunt Interface
Before we proceed, deploy the attached machine in this task since it may take up to 3-5 minutes to initialize the services.
Then, use this link to access the interface - ://MACHINE_IP
How to use the SigHunt Interface:
- Run - Submit your Sigma rule and see if it detects the malicious .
- Text Editor - Write your Sigma rule in this section.
- Create Rule - Create a Sigma rule for the malicious .
- View Log - View the log details associated with the malicious .

