Sigma
Community project
The generic, YAML-based signature format for SIEM detections — write a detection once, convert it to the query language of whichever SIEM you run. The conversion tooling (pySigma, sigma-cli) is LGPL-licensed open source, but the community rule repository ships under the non-OSI Detection Rule License, so the project as a whole is mixed-license rather than fully open source.
Verified Source: 1
- Product type
- Community project
- Deployment
- CLI
- Organization size
- IndividualSMBMid-marketEnterprise
- Pricing tier
- Free
Capability checklist
SIEMHow Sigma measures up against the full Security Information & Event Management taxonomy.
- Broad log ingestion — not supported
- Collects and normalizes logs from network, endpoint, cloud, and SaaS sources.
- Correlation & detection rules — supported
- Turns raw events into alerts via built-in and custom detection logic.
- Fast historical search — not supported
- Query months of data quickly during investigations.
- Behavior analytics (UEBA) — not supported
- Baselines user and entity behavior to flag anomalies.
- Dashboards & reporting — not supported
- Compliance and operational reporting out of the box.
- Detection-as-code — supported
- Manage detection rules in version control with CI.
Alternatives
Other Security Information & Event Management tools with overlapping capabilities, sized for similar teams.