Curriculum

21 Chapters · 21 Lessons

  1. 1

    Free Preview

    1. Free Preview Free preview
  2. 2

    Chapter 1: Understanding Sigma and Its Importance

    1. (Included in full purchase)

      Understanding Sigma and Its Importance

  3. 3

    Chapter 2: Anatomy of a Sigma Rule

    1. (Included in full purchase)

      Anatomy of a Sigma Rule

  4. 4

    Chapter 3: Sigma Rule Logic and Conditions

    1. (Included in full purchase)

      Sigma Rule Logic and Conditions

  5. 5

    Chapter 4: Creating Rules for Windows Logs

    1. (Included in full purchase)

      Creating Rules for Windows Logs

  6. 6

    Chapter 5: Creating Rules for Linux and Network Logs

    1. (Included in full purchase)

      Creating Rules for Linux and Network Logs

  7. 7

    Chapter 6: ATT&CK Mapping and TTP-Based Detection

    1. (Included in full purchase)

      ATT&CK Mapping and TTP-Based Detection

  8. 8

    Chapter 7: Threat Simulation and Rule Testing

    1. (Included in full purchase)

      Threat Simulation and Rule Testing

  9. 9

    Chapter 8: Sigma Rule Anti-Patterns and Best Practices

    1. (Included in full purchase)

      Sigma Rule Anti-Patterns and Best Practices

  10. 10

    Chapter 9: Real-World Detection Use Cases

    1. (Included in full purchase)

      Real-World Detection Use Cases

  11. 11

    Chapter 10: Sigma Rules in SOC Workflows

    1. (Included in full purchase)

      Sigma Rules in SOC Workflows

  12. 12

    Chapter 11: Converting Sigma to SIEM Queries

    1. (Included in full purchase)

      Converting Sigma to SIEM Queries

  13. 13

    Chapter 12: Backend Limitations and Field Mapping Challenges

    1. (Included in full purchase)

      Backend Limitations and Field Mapping Challenges

  14. 14

    Chapter 13: Automating Detection Delivery with CI/CD

    1. (Included in full purchase)

      Automating Detection Delivery with CI/CD

  15. 15

    Chapter 14: Managing Rule Packs and Rule Versioning

    1. (Included in full purchase)

      Managing Rule Packs and Rule Versioning

  16. 16

    Chapter 15: Threat Hunting with Sigma

    1. (Included in full purchase)

      Threat Hunting with Sigma

  17. 17

    Chapter 16: Intelligence-Driven Detection Engineering

    1. (Included in full purchase)

      Intelligence-Driven Detection Engineering

  18. 18

    Chapter 17: Sigma in Open Source XDR

    1. (Included in full purchase)

      Sigma in Open Source XDR

  19. 19

    Chapter 18: The Future of Sigma and Detection-as-Code

    1. (Included in full purchase)

      The Future of Sigma and Detection-as-Code

  20. 20

    Appendices

    1. (Included in full purchase)

      Appendices

  21. 21

    Index

    1. (Included in full purchase)

      Index

About the Course

Practical Detection Engineering with Sigma is a hands-on guide to building, testing, and operationalizing modern detections in real SOC environments. The book walks you step by step through the full detection engineering lifecycle—from understanding Sigma fundamentals to writing structured rules and deploying them across SIEM and XDR platforms. You will learn how to translate adversary behavior into behavior-based detections, aligned with MITRE ATT&CK, create rules for Windows, Linux, and network telemetry, and convert them into backend-specific queries for platforms such as Elastic, Splunk, Microsoft Sentinel, and Wazuh. Practical examples demonstrate how to validate detections using real and simulated attack data, reduce false positives, and design alerts that analysts can confidently triage. From rule creation to CI/CD automation, version control, and large-scale rule management, this book equips you to build scalable, maintainable, and production-ready detection programs aligned with modern security operations.

About the Author

Wojciech Ciemski is a cybersecurity engineer and detection specialist with over a decade of hands-on experience. His work focuses on detection engineering, Sigma Rule Language, and research-driven analysis of adversary behavior mapped to MITRE ATT&CK. He designs and tests scalable SIEM and XDR detection pipelines, based on real-world threat data.