[SigmaHQ/sigma: Generic Signature Format for SIEM Systems](https://github.com/SigmaHQ/sigma) [[ATC RE&CT Framework]] uses this for the various components. It can be used for [[Humio]] and [[Carbon Black]]. Even `grep`. You can test some rules at [Uncoder.IO | Universal Sigma Rule Converter for SIEM, EDR, and NTDR](https://uncoder.io/). It even mentions [[Corelight]]. [[Timesketch]] uses Sigma.