Posts tagged #sigma

How to scan .evtx files with detection rules at scale — what Sigma is, how Chainsaw and Hayabusa apply it to event logs, when to use each, and how to fit rule-based triage into an investigation.