Automatic Sigma Rule Generation #10

@valITino

User Story

As a SOC engineer, I want the platform to automatically create Sigma rules after an emulation so that I can quickly detect similar attacks in the future.

Acceptance Criteria

  • A new Sigma rule is generated if the system detects a technique for which no existing rule is present.

  • If a Sigma rule already exists for a technique, the system either updates it or flags it as a duplicate.

  • The user can view newly generated rules in a “Detections” or “Rules” panel.

  • Rules are labeled with the MITRE technique ID or name for easy reference.

  • In addition to the automation, the user can also interact with this function manually.

  • There is also a button for automatically deploying rules into integrations.
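
One way to implement the create / update / flag-duplicate decision from the acceptance criteria, added here as an example and not taken from the project's code. It assumes rules are held as Python dicts using Sigma's field names, a hypothetical `finding` dict produced by the emulation, and that only rules whose condition is `1 of selection_*` were generated by the platform and may be updated; hand-written rules are only flagged.

```python
import re
import uuid

TECHNIQUE_TAG = re.compile(r"attack\.(t\d{4}(?:\.\d{3})?)")
GENERATED_CONDITION = "1 of selection_*"  # assumption: marks rules we may edit

def techniques_of(rule):
    """MITRE technique IDs (e.g. 'T1059.001') found in a rule's Sigma tags."""
    matches = (TECHNIQUE_TAG.fullmatch(t.lower()) for t in rule.get("tags", []))
    return {m.group(1).upper() for m in matches if m}

def new_rule(finding):
    """Build a Sigma rule (as a dict) labelled with the finding's technique."""
    tid = finding["technique"].upper()
    return {
        "title": f"{tid} {finding['name']}",
        "id": str(uuid.uuid4()),
        "status": "experimental",
        "tags": [f"attack.{tid.lower()}"],
        "logsource": dict(finding["logsource"]),
        "detection": {"selection_1": dict(finding["selection"]),
                      "condition": GENERATED_CONDITION},
        "level": "medium",
    }

def reconcile(rules, finding):
    """Return (action, rule); action is 'created', 'updated' or 'duplicate'."""
    tid = finding["technique"].upper()
    for rule in rules:
        if tid not in techniques_of(rule):
            continue
        det = rule["detection"]
        known = [v for k, v in det.items() if k.startswith("selection")]
        # Hand-written rules and already-covered observables are only flagged.
        if det.get("condition") != GENERATED_CONDITION or finding["selection"] in known:
            return "duplicate", rule
        det[f"selection_{len(known) + 1}"] = dict(finding["selection"])
        return "updated", rule
    rule = new_rule(finding)
    rules.append(rule)
    return "created", rule

# Constructed sample finding from an emulation run (not real telemetry).
SAMPLE = {"technique": "T1059.001", "name": "PowerShell encoded command",
          "logsource": {"category": "process_creation", "product": "windows"},
          "selection": {"Image|endswith": "\\powershell.exe",
                        "CommandLine|contains": " -enc "}}
```

Calling `reconcile(rules, SAMPLE)` twice on an empty list yields `created` and then `duplicate`; the same technique with a different selection yields `updated`.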
