Threat Alert Logic Repository (TALR)
A public repository for collecting and sharing detection rules in STIX format. Collected rules are supplemented with the fields STIX requires, so they can be shared over TAXII servers without further work.
It also contains tools for translating rules from STIX back to Sigma and for automating their ingestion and translation.
- Rules can be found in Sigma format in /Rules/
- Rules can be found as STIX bundles in /Bundles/
- Tool for unpacking bundles (stix2sigmac) in /Tools/
TALR Vision
Sharing SIEM Rules via STIX/TAXII, which enables:
- Highly scalable sharing of SIEM rules: Sigma-style rules are translated into STIX objects, which can then be shared over TAXII.
- Tactical, informed response: by pulling down the STIX objects related to a SIEM rule that fired, you can shape your response around the Threat Actor, Campaign, TTPs, indicators, etc. that may be related.
- Automated ingestion of new SIEM rules: run new STIX bundles through stix2sigmac and receive SIEM rules in the query syntax of your choice.
- Benchmarking rules against similar organizations by sharing rules and intel over shared TAXII servers, keeping each other updated with observed and industry-specific SIEM content.
- Easier transitions between SIEM vendors, since stix2sigmac organizes and stores a local copy of every rule run through it in Sigma format.
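The round trip the list above describes, as an added example that is not TALR's own code and does not reproduce stix2sigmac or the exact object layout in /Bundles/: a Sigma rule is wrapped in a STIX 2.1 Indicator with the specification's `sigma` pattern type, a Bundle of such Indicators is what would be pushed to a TAXII collection, and on the receiving side the Sigma text is extracted again while malformed or non-Sigma Indicators are skipped. A `related_context` helper shows the "informed response" use: given the id of the Indicator whose rule fired, it follows `relationship` objects in the same bundle to the Threat Actor or Campaign objects they point at. The sample rule, the threat actor and the relationship are constructed for this example; only the standard library is used.

```python
"""Wrap Sigma rules in STIX 2.1 Indicators, bundle them, and unpack them again.

Added example, not TALR's own code. The required Indicator and Bundle fields and
the 'sigma' pattern_type are those of the STIX 2.1 specification; everything
else (sample rule, helper names, the threat-actor context) is constructed here.
"""
import json
import uuid
from datetime import datetime, timezone

# Constructed sample Sigma rule (not taken from TALR's /Rules/ directory).
SAMPLE_SIGMA_RULE = """\
title: Suspicious whoami Execution
id: 1b9d3c5e-0000-4000-8000-000000000001
status: experimental
description: Detects execution of whoami, commonly run after initial access.
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        Image|endswith: '\\whoami.exe'
    condition: selection
level: medium
"""

# Fields STIX 2.1 requires on every Indicator object.
REQUIRED_INDICATOR_FIELDS = ("type", "spec_version", "id", "created", "modified",
                             "pattern", "pattern_type", "valid_from")


def stix_timestamp(dt=None) -> str:
    """STIX timestamp: UTC, millisecond precision, trailing Z."""
    dt = dt or datetime.now(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def sigma_title(rule_text: str) -> str:
    """Minimal extraction of the Sigma 'title:' key (avoids a YAML dependency)."""
    for line in rule_text.splitlines():
        if line.startswith("title:"):
            return line.split(":", 1)[1].strip()
    return "Untitled Sigma rule"


def sigma_to_indicator(rule_text: str) -> dict:
    """Carry the Sigma rule verbatim as the Indicator pattern with pattern_type 'sigma'."""
    now = stix_timestamp()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": sigma_title(rule_text),
        "indicator_types": ["malicious-activity"],
        "pattern": rule_text,
        "pattern_type": "sigma",
        "valid_from": now,
    }


def build_bundle(rule_texts, extra_objects=()) -> dict:
    """Bundle the Indicators (plus any context SDOs/SROs) for pushing to a TAXII collection."""
    objects = [sigma_to_indicator(t) for t in rule_texts] + list(extra_objects)
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def extract_sigma_rules(bundle: dict) -> list:
    """Return [(name, sigma_text)] for well-formed Sigma Indicators; skip everything else."""
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    rules = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # threat-actor, campaign, relationship ... are context, not rules
        if any(f not in obj for f in REQUIRED_INDICATOR_FIELDS):
            continue  # malformed Indicator: do not feed it to a converter
        if obj["pattern_type"] != "sigma":
            continue  # e.g. a STIX-pattern or YARA Indicator; not SIEM content
        rules.append((obj.get("name", ""), obj["pattern"]))
    return rules


def related_context(bundle: dict, indicator_id: str) -> list:
    """Objects reachable from the Indicator via relationship objects (source_ref -> target_ref)."""
    by_id = {o["id"]: o for o in bundle.get("objects", []) if "id" in o}
    targets = [o["target_ref"] for o in bundle.get("objects", [])
               if o.get("type") == "relationship" and o.get("source_ref") == indicator_id]
    return [by_id[t] for t in targets if t in by_id]


def roundtrip(rule_texts) -> list:
    """Serialize the bundle as it would travel over TAXII, then unpack the Sigma text again."""
    wire = json.dumps(build_bundle(rule_texts))
    return [text for _, text in extract_sigma_rules(json.loads(wire))]


if __name__ == "__main__":
    print(json.dumps(build_bundle([SAMPLE_SIGMA_RULE]), indent=2))
```

The skip-rather-than-raise behaviour in `extract_sigma_rules` is deliberate: a shared TAXII collection will contain objects from many producers, and one malformed or non-Sigma Indicator should not block ingestion of the rest, but it should also never reach the Sigma converter.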
Download && Use