Hi SolarWinds SEM Product Team,
I’d like to request support for the Sigma rule format in Security Event Manager (SEM). This could begin with a conversion script to translate Sigma YAML into SEM’s JSON format and ideally evolve into native Sigma rule import support through the SEM UI or API.
Why this matters:
Sigma has become a community standard for cross-SIEM detection rules, with thousands of high-quality, MITRE ATT&CK-aligned detections already available. Supporting Sigma would:
Unlock a large and growing library of reusable detection content.
Help teams operationalize threat intelligence and TTPs more quickly.
Reduce the burden of writing and maintaining custom SEM rules.
Align SEM with other leading SIEM platforms that already support Sigma.
Suggested path forward:
Provide a supported or community-driven Sigma-to-SEM conversion tool initially.
Ultimately enable native import of Sigma rules through the SEM interface or API.
Publish a field mapping guide so users can confidently build compatible rules.
Strategic benefits to SolarWinds:
Positions SEM as a more open and extensible SIEM solution.
Enhances customer productivity and rule coverage out-of-the-box.
Increases visibility and relevance of SEM in the broader threat detection ecosystem.
Encourages community contribution and content sharing.
This would be a great step toward making SEM even more capable and accessible for modern security operations teams. I'd be happy to contribute feedback or test any early implementations.
Thanks
Asia Watson
Intrepid Solutions Australia
