logo-drone-binalyze-whiteSigma Scanner

Run Sigma rules on a live machine

 

Run Sigma rules on a live machine with DRONE

Sigma is a community effort to write detections for IoC’s, and now with DRONE, you can scan these IoC’s on a live machine. Typically, these Sigma rules are designed to be executed or scanned on SIEM logs but with DRONE, you can find these IoC’s directly on the live machine. We have also added attributions, so the name of the rule creator will be visible in the detection details.

MicrosoftTeams-image-37-768x364-1
 

Sigma public repository synchronization

Running Sigma rules on a live machine is one of the key benefits of DRONE. Staying up to date with the latest public Sigma repositories is easy with the Sigma public repository synchronization feature. If there are any new rules available, instead of adding them manually, just use the sync feature and DRONE will automatically support them.

Sigma public repository synchronization
 

How to run Sigma rules in DRONE?

Simple. Run DRONE from the command line and add the following command:

DRONE-1.7.0-x86.exe --sync-sigma

Automatically all Sigma rules from the SigmaHQ repository will be available in DRONE and you can use them to run either on a live machine or on an uploaded evidence file.

how to run sigma rules in DRONE