Boost Your SIEM with High-Quality Threat Detection Rules
Supercharge your Elastic Security capabilities with this bundle of 1165 Sigma rules,
converted for immediate use in your SIEM. Derived from the SigmaHQ repository,
these detection rules provide broad coverage of adversary TTPs (tactics, techniques, and procedures).
Designed for SOC analysts and threat hunters, the package helps you detect threats such as Windows security anomalies,
suspicious process creation, and malware activity. The rules are provided as an
importable NDJSON file, ready to be uploaded directly as Kibana saved objects.
Compatibility & Requirements
- Platform: Elastic Stack (ELK) & Elastic Security
- Versions: Compatible with Elastic Stack 8.x (8.0 – 8.17+) and Serverless
- Format: Kibana Saved Objects (NDJSON)
- Schema: Mapped to ECS (Elastic Common Schema)
Top MITRE ATT&CK Tactics Covered
This bundle offers significant depth across the MITRE ATT&CK framework. Key tactics covered include:
- Defense Evasion: 600 rules
- Execution: 329 rules
- Privilege Escalation: 169 rules
- Persistence: 150 rules
- Credential Access: 111 rules
A rule mapped to more than one tactic is counted under each of them, which is why these per-tactic figures add up to more than the 1165 rules in the bundle.
Installation Instructions
- Download the .zip file and extract the .ndjson file.
- Open Kibana and navigate to Stack Management > Saved Objects.
- Click Import and select the extracted NDJSON file.
- Ensure "Check for existing objects" is selected to avoid duplicates when re-importing an updated bundle.
- Once imported, the rules appear under Security > Rules, where you can review and enable them. Enable them in stages and tune as needed: the rules expect ECS field names, so confirm that your data sources populate the fields each rule queries before relying on it.
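Before importing a large rule export it is worth checking the file itself: that every line parses, that the per-tactic totals behave as described above (a rule tagged with several tactics is counted once per tactic), that no two rules share a `rule_id`, and how many rules would be enabled the moment they land. The script below is an added example written for this page, not code shipped with the bundle or by SigmaHQ. It assumes the Kibana saved-object layout for detection rules (`type` of `alert`, with `ruleId` and `threat` under `attributes.params`) and that the export may end with Kibana's export-details line; the sample NDJSON lines, the object IDs and the `kibana.example.internal` URL are constructed for illustration.

```python
"""Pre-import checks for a Kibana Saved Objects NDJSON export of Elastic
Security detection rules (added example, not part of the bundle)."""
import json
import shlex
from collections import Counter


def _rule(obj_id, name, rule_id, tactics, enabled=False):
    """Build a minimal detection-rule saved object in Kibana's 'alert' shape
    (assumed layout: attributes.params.ruleId / attributes.params.threat)."""
    return {
        "type": "alert",
        "id": obj_id,
        "attributes": {
            "name": name,
            "enabled": enabled,
            "params": {
                "ruleId": rule_id,
                "threat": [
                    {"framework": "MITRE ATT&CK",
                     "tactic": {"id": tid, "name": tname,
                                "reference": f"https://attack.mitre.org/tactics/{tid}/"},
                     "technique": []}
                    for tid, tname in tactics
                ],
            },
        },
        "references": [],
    }


# Constructed sample input: three rule objects, one deliberately broken line,
# and the export-details line Kibana appends to a Saved Objects export.
SAMPLE_NDJSON = "\n".join([
    json.dumps(_rule("a1", "Suspicious rundll32 execution", "r-a",
                     [("TA0005", "Defense Evasion"), ("TA0002", "Execution")])),
    json.dumps(_rule("b2", "PowerShell encoded command", "r-b",
                     [("TA0002", "Execution")])),
    "{not valid json",
    json.dumps(_rule("c3", "LSASS memory access", "r-a",
                     [("TA0006", "Credential Access")], enabled=True)),
    json.dumps({"exportedCount": 3, "missingRefCount": 0, "missingReferences": []}),
])


def load_rules(ndjson_text):
    """Parse NDJSON into (rules, problems); skip blank and export-details lines."""
    rules, problems = [], []
    for lineno, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append(f"line {lineno}: invalid JSON ({exc.msg})")
            continue
        if not isinstance(obj, dict):
            problems.append(f"line {lineno}: not a JSON object")
            continue
        if "exportedCount" in obj:      # Kibana export summary, not a rule
            continue
        if obj.get("type") != "alert" or "params" not in obj.get("attributes", {}):
            problems.append(f"line {lineno}: not a detection rule object")
            continue
        rules.append(obj)
    return rules, problems


def tactic_counts(rules):
    """Rules per ATT&CK tactic; a rule tagged with N tactics adds 1 to each."""
    counts = Counter()
    for rule in rules:
        threat = rule["attributes"]["params"].get("threat", [])
        counts.update({entry["tactic"]["name"] for entry in threat})
    return counts


def duplicate_rule_ids(rules):
    """rule_id values that occur more than once; these collide on import."""
    seen = Counter(r["attributes"]["params"]["ruleId"] for r in rules)
    return sorted(rid for rid, n in seen.items() if n > 1)


def enabled_count(rules):
    """Rules that would start firing immediately after import."""
    return sum(1 for r in rules if r["attributes"].get("enabled"))


def import_command(path, kibana_url="https://kibana.example.internal:5601"):
    """curl equivalent of Stack Management > Saved Objects > Import. Leaving out
    createNewCopies=true keeps the exported object IDs, so a re-import updates
    existing rules instead of duplicating them (the UI's 'Check for existing
    objects'); overwrite=true accepts those updates. URL is a placeholder."""
    return (f"curl -sS -u elastic -H 'kbn-xsrf: true' "
            f"--form file=@{shlex.quote(path)} "
            f"'{kibana_url}/api/saved_objects/_import?overwrite=true'")


if __name__ == "__main__":
    rules, problems = load_rules(SAMPLE_NDJSON)
    print(f"{len(rules)} rules parsed, {len(problems)} problem line(s)")
    for problem in problems:
        print("  ", problem)
    for tactic, n in tactic_counts(rules).most_common():
        print(f"  {tactic}: {n}")
    print("duplicate rule_ids:", duplicate_rule_ids(rules))
    print("enabled on import:", enabled_count(rules))
    print(import_command("sigma-elastic-rules.ndjson"))
```

Run it against the real file by replacing `SAMPLE_NDJSON` with the contents of the extracted `.ndjson`; a non-empty `problems` list or any duplicate `rule_id` is worth resolving before the UI import, and a non-zero enabled count tells you which rules will fire before you have tuned them.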
Updated on February 15, 2026. Source: SigmaHQ.
