
How would you like to see Sigma Rule parsing supported in ThreatQ?

  • November 18, 2025
  • 0 replies
  • 16 views

zach.shames.sx

Currently, the ThreatQ platform can parse Snort, Suricata, and YARA signatures, extracting metadata and indicators of compromise (IOCs) for use in investigations and automation workflows.

At this time, Sigma Rules are not supported for parsing.

We know Sigma is a widely adopted detection format across many environments. If Sigma parsing would help improve your threat detection workflows, we’d like to hear your perspective:

  • How do you currently manage Sigma Rules in your threat intelligence processes?

  • What would you expect from a Sigma Rule parser in ThreatQ — e.g., extracted fields, metadata, or IOC types?

  • How might this integration benefit your day-to-day investigations or automation?

Your feedback will help shape potential ideas for future development.

👉 If you have a specific approach or outcome in mind, please create a new Idea describing your use case and desired functionality.
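As an added example (not ThreatQ's code and not the poster's), here is one shape a Sigma parser of the kind asked about above could take: it assumes the rule YAML has already been loaded into a dict (for example with PyYAML's `safe_load`) and extracts rule metadata, ATT&CK tags from `tags`, and IOC-shaped values from the detection selections. The sample rule, its UUID, hostnames and hash are constructed placeholders.

```python
import re
# Constructed sample Sigma rule, already loaded from YAML into a dict (e.g. with
# yaml.safe_load). All values are placeholders, not real indicators.
SAMPLE_RULE = {
    "title": "Suspicious Download From Example Domain",
    "id": "00000000-0000-4000-8000-000000000001",  # placeholder UUID
    "level": "high",
    "tags": ["attack.command_and_control", "attack.t1105"],
    "logsource": {"category": "proxy"},
    "detection": {
        "selection": {"c-uri|contains": "/payload.bin",
                      "cs-host": ["malicious.example", "203.0.113.7"]},
        "keywords": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],  # SHA-256 of "" as placeholder
        "condition": "selection and keywords",
    },
}
# Anchored patterns; order matters so a hex hash is not mistaken for a hostname.
IOC_PATTERNS = {
    "sha256": re.compile(r"^[0-9a-f]{64}$", re.I),
    "ipv4": re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$"),
    "fqdn": re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I),
}
def classify_ioc(value):
    """Return the IOC type of a detection value, or None if it is not IOC-shaped."""
    for kind, pattern in IOC_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def iter_detection_values(detection):
    """Yield (field, value) from every selection; bare keyword entries yield field=None."""
    for name, block in detection.items():
        if name == "condition":  # the condition is a boolean expression, not data
            continue
        for item in block if isinstance(block, list) else [block]:
            if not isinstance(item, dict):
                yield None, str(item)
                continue
            for field, values in item.items():
                base = field.split("|")[0]  # drop Sigma modifiers such as |contains
                for v in values if isinstance(values, list) else [values]:
                    yield base, str(v)

def parse_sigma_rule(rule):
    """Extract metadata plus IOC-shaped detection values from a loaded Sigma rule."""
    meta = {k: rule.get(k) for k in ("title", "id", "level", "logsource")}
    meta["mitre"] = [t[len("attack."):] for t in rule.get("tags", []) if t.startswith("attack.")]
    iocs = [{"type": kind, "value": v, "field": f} for f, v in
            iter_detection_values(rule.get("detection", {})) if (kind := classify_ioc(v))]
    return {"metadata": meta, "iocs": iocs}
```

Values that match a selection only through a modifier such as `|contains` are substrings, not complete indicators, so a production parser would want to record the modifier alongside the field rather than discard it as this sketch does.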