Weaponizing SIGMA Virtual Workshop
Overview
Step into our Weaponizing Sigma workshop and get hands-on with tools defenders actually use. SIGMA rules are a universal, vendor-neutral way to write detections once and deploy them anywhere, giving you faster, cleaner, and more consistent visibility across your entire security stack. In this session, you'll create adversary activity, build your own Sigma rules, and put them to the test in Splunk, all inside your own isolated lab environment.
You'll walk away with the skills to:
👉 Write effective, high-quality SIGMA rules from scratch.
👉 Translate SIGMA into Splunk SPL and hunt like a pro.
👉 Use Endpoint Logs + SIEM to validate detections.
👉 Hunt on behaviors like malicious PowerShell activity and Run key modifications.
In modern cybersecurity, we often utilize many tools in our security stack. This can make creating rules and detections that work with our tools cumbersome. With SIGMA rules, we can quickly utilize the same detection across our security stack. Why duplicate work when we can write it once?
Join us as we:
🦄 Define SIGMA.
🦄 Explore the benefits it can provide you and your organization's defensive team.
🦄 Unveil how to read/write SIGMA rules.
🦄 Leverage SIGMA rules to implement detections in real time.
🦄 Uncover how SIGMA can help advance your Purple Teaming efforts.
📅 14 January 2026
🕐 1 - 4 PM (ET)
All you need is a computer with a compatible web browser and, of course, your appetite to learn 😉
Please register using a valid email address so we can provision your VMware lab environment before the workshop.


