Thomas Patzke
Thomas has 18 years of experience in information security and has worked across the field, from offensive to defensive topics. He now does incident response, threat hunting and threat intelligence in the Evonik Cyber Defense Team. He is also co-founder of the Sigma project and maintains its open source toolchain (pySigma and Sigma CLI).
Sessions
Maintaining an open source security project for almost eight years gives plenty of opportunity to collect experiences, good and bad ones. Time to share the experience of maintaining Sigma!
Log events appear differently in different SIEMs. Diverging field taxonomies, local customization and migration scenarios all make it challenging to generate queries from Sigma rules that actually match events in a given log repository. Processing pipelines are a feature of the open source Sigma toolchain that address these challenges, and this session presents some real-world use cases for them.
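As an added illustration of what such a pipeline looks like (this is not part of the session text or of the Sigma project's own material), here is a pySigma processing pipeline in its YAML form. It renames the Sysmon-style field names used in Sigma's Windows rules to the taxonomy of a hypothetical target SIEM and pins the query to a specific index; the pipeline name, the target field names and the index name are assumptions, and both transformations are limited to Windows rules through a logsource condition:

```yaml
# Added example pipeline for pySigma / Sigma CLI. Field names on the
# right-hand side of the mapping and the index name are assumptions
# for a hypothetical target SIEM, not a real product's schema.
name: windows-sysmon-to-custom-siem
priority: 20
transformations:
  # Rename Sigma's Sysmon-style field names to the target SIEM taxonomy.
  - id: sysmon_field_mapping
    type: field_name_mapping
    mapping:
      Image: process_path
      CommandLine: process_cmdline
      ParentImage: parent_process_path
      User: user_name
    rule_conditions:
      - type: logsource
        product: windows
  # Narrow the generated query to the index where Windows events live,
  # so it does not scan every log repository in the SIEM.
  - id: windows_index
    type: add_condition
    conditions:
      index: windows_events
    rule_conditions:
      - type: logsource
        product: windows
```

Saved as `pipeline.yml`, it is applied at conversion time with `sigma convert -t <backend> -p pipeline.yml rules/`. Because the conditions key on the rule's logsource rather than on the rule content, the same pipeline can be applied to the whole rule set and only touches rules it is meant for; rules for other products pass through unchanged, which is the usual way of handling mixed taxonomies in one environment.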