
Splunk detections for Windows Security

Sigma rule outputs from CloudSigma rendered into Splunk queries against the Windows Security schema. Every rule is mapped to MITRE ATT&CK and validated against its dialect.

01 Coverage at a glance
  • Production rules: 2
  • ATT&CK techniques: 2
  • ATT&CK tactics: 2
  • Output dialect: Splunk
02 Rule index
  Technique | Rule                                      | Severity | Log source
  T1078     | Valid Accounts on Windows Security        | medium   | Windows Security
  T1098     | Account Manipulation on Windows Security  | medium   | Windows Security
03 Example rule

No rule in this category currently meets our embed bar. CloudSigma generates Sigma rules from CVE advisories, vulnerability disclosures and security research; if you have a relevant input, generate a Splunk-targeted rule there and deploy it in your SIEM.

Sources
  • Sigma project, https://github.com/SigmaHQ/sigma
  • Splunk documentation, https://docs.splunk.com/
Last verified: 2026-04-24