A generic detection signature format that converts to any SIEM dialect.
Sigma is a YAML-based open standard for describing log detection rules in a SIEM-agnostic way. A single Sigma rule can be converted to Splunk SPL, Microsoft Sentinel KQL, Elastic Lucene/EQL, Google SecOps YARA-L, OpenSearch and others via the pySigma toolchain.
The format separates rule logic (selections, conditions) from log-source descriptors (product, service, category) so the same detection can target multiple log shapes. CloudSigma generates Sigma rules from threat intelligence and validates them through pySigma backend conversion before publication.
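The separation of log-source descriptor from rule logic described above, shown as an added example rule (written for this page, not taken from CloudSigma or the Sigma rule repository). The `id` is a constructed placeholder UUID and the account name `svc-logrotate` is a hypothetical allow-listed service account.

```yaml
title: Windows Security Audit Log Cleared
id: 00000000-0000-4000-8000-000000000001    # constructed placeholder, not a published rule id
status: experimental
description: Detects clearing of the Windows Security event log (event ID 1102).
tags:
    - attack.t1070.001
# Log-source descriptor: says WHERE the events come from, not what to match.
# A backend or its processing pipeline maps this to an index, table or sourcetype.
logsource:
    product: windows
    service: security
# Rule logic: named selections plus a condition that combines them.
detection:
    selection:
        EventID: 1102
    filter_expected_rotation:
        SubjectUserName: 'svc-logrotate'    # hypothetical account, adjust per environment
    condition: selection and not filter_expected_rotation
falsepositives:
    - Scheduled log maintenance performed under an account that is not allow-listed
level: high
```

Only the `logsource` block ties the rule to a particular log shape; the `detection` block names fields and values, which each backend renders in its own query syntax.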