Mayhaps
Level 9
Message 1 of 3

Does McAfee support custom and/or user created rules like SIGMA?

Sigma, created by Florian Roth and Thomas Patzke, is an open-source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is the log file equivalent of what Snort is to IDS and what YARA is for file-based malware detection.

Examples:

https://sigma.socprime.com/

https://github.com/Neo23x0/sigma

Does McAfee SIEM support user-created rules in such a manner?

2 Replies
lratcliffe
McAfee Employee
Message 2 of 3

Re: Does McAfee support custom and/or user created rules like SIGMA?

This question is a little too vague to provide a clear answer to.  If you're asking if you can create custom rules on McAfee SIEM - yes, absolutely.  Our Advanced Syslog Parser engine can run custom rules and it is supported to use the engine for such things.

However, McAfee SIEM Support (i.e. the support team) are unable to provide support for custom rules - if you believe the engine is misbehaving then we can work on that, but if your rule does not provide the expected outcome due to not being written correctly, then we do not have the resources to provide that level of customisation.

If you need McAfee to write customisation of your SIEM for you, our Professional Services team can deliver that.  If you believe the product would be improved in general through supporting a different method of creating or delivering rules, this would be a Product Idea and I recommend following KB60021 and detailing how this would improve the product for everyone.

Raph19
Level 8
Message 3 of 3

Re: Does McAfee support custom and/or user created rules like SIGMA?
