Does McAfee support custom and/or user created rules like SIGMA?
Sigma, created by Florian Roth and Thomas Patzke, is an open source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is the log file equivalent of what Snort is to IDS and what YARA is for file-based malware detection.
Re: Does McAfee support custom and/or user created rules like SIGMA?
This question is a little too vague to provide a clear answer to. If you're asking if you can create custom rules on McAfee SIEM - yes, absolutely. Our Advanced Syslog Parser engine can run custom rules and it is supported to use the engine for such things.
However, McAfee SIEM Support (i.e. the support team) are unable to provide support for custom rules - if you believe the engine is misbehaving then we can work on that, but if your rule does not provide the expected outcome due to not being written correctly, then we do not have the resources to provide that level of customisation.
If you need McAfee to write customisation of your SIEM for you, our Professional Services team can deliver that. If you believe the product would be improved in general through supporting a different method of creating or delivering rules, this would be a Product Idea and I recommend following KB60021 and detailing how this would improve the product for everyone.