Weaponizing SIGMA Virtual Workshop

Hands on training focused on using SIGMA rules to build portable, vendor neutral detections across modern security environments. This virtual workshop walks participants through creating adversary activity, writing SIGMA rules from scratch and testing them in Splunk within an isolated lab. The session shows how SIGMA enables teams to write detections once and deploy them consistently across multiple tools, improving visibility and reducing duplicated effort.

Participants will practice translating SIGMA into Splunk SPL, validating detections using endpoint logs and SIEM data and hunting for real world behaviors such as malicious PowerShell activity and registry Run key abuse. The workshop also explains how SIGMA supports real time detection and strengthens purple team workflows, making it a practical session for defenders who want to improve detection quality and efficiency.