Sigma, created by Florian Roth and Thomas Patzke, is an open source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is the log file equivalent of what Snort is to IDS and what YARA is for file based malware detection.
Examples:
https://github.com/Neo23x0/sigma
Does McAfee SIEM support user-created rules in such a manner?
This question is a little too vague to provide a clear answer to. If you're asking if you can create custom rules on McAfee SIEM - yes, absolutely. Our Advanced Syslog Parser engine can run custom rules and it is supported to use the engine for such things.
However, McAfee SIEM Support (i.e. the support team) are unable to provide support for custom rules - if you believe the engine is misbehaving then we can work on that, but if your rule does not provide the expected outcome due to not being written correctly, then we do not have the resources to provide that level of customisation.
If you need McAfee to write customisation of your SIEM for you, our Professional Services team can deliver that. If you believe the product would be improved in general through supporting a different method of creating or delivering rules, this would be a Product Idea and I recommend following KB60021 and detailing how this would improve the product for everyone.
FYi - A PER has been raise (but only VSE is tagged so far).
McAfee Support Community - Mcafee Products integration with Sigma rules - McAfee Support Community
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA