{"id":10054,"date":"2023-04-03T11:48:51","date_gmt":"2023-04-03T08:48:51","guid":{"rendered":"https:\/\/www.hosting.com.tr\/blog\/?p=10054"},"modified":"2025-08-14T10:37:09","modified_gmt":"2025-08-14T07:37:09","slug":"sigma-ile-tehdit-avciligi","status":"publish","type":"post","link":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/","title":{"rendered":"Threat Hunting with Sigma, Threat Hunting in SIEM Products"},"content":{"rendered":"\r\n<p><strong>Sigma<\/strong> is an open-source tool for writing and managing security rules across multiple platforms, including <strong>SIEMs (Security Information and Event Management)<\/strong>. By providing a flexible and extensible format for expressing detection logic, it lets security analysts easily write, share and apply security rules across many security systems.<\/p>\r\n\r\n\r\n\r\n<p>Besides security rules that can be used in SIEM systems, Sigma also offers a way to write and manage rules for other security tools, such as intrusion detection systems (IDS), endpoint detection and response (EDR) tools and security analytics platforms. 
<strong>Sigma rules<\/strong> can be used to detect a wide variety of security threats, including malware infections, suspicious network activity, brute-force attacks and other malicious behaviour.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\" id=\"siem-nedir\">What Is SIEM?<\/h2>\r\n\r\n\r\n\r\n<p>SIEM is a software solution that collects and analyses security event data from multiple sources across an organisation's network. By correlating and analysing data from sources such as network devices, servers, applications and other security tools, it helps security teams identify and respond to security threats in real time. By providing a central platform for monitoring and managing security events, SIEM allows organisations to detect and respond to security incidents faster and more effectively.<\/p>\r\n\r\n\r\n\r\n<p>By using Sigma rules within a SIEM system, security teams can improve their ability to detect and respond to security threats in real time, achieving a more proactive and effective security posture. 
Sigma also helps streamline the process of creating and managing security rules by letting security teams build and maintain rules more efficiently and effectively.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\" id=\"sigma-kurallari\">Sigma Rules<\/h2>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"500\" class=\"wp-image-10057\" src=\"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-kurallari.jpeg\" alt=\"Sigma Rules\" srcset=\"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-kurallari.jpeg 1000w, https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-kurallari-300x150.jpeg 300w, https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-kurallari-768x384.jpeg 768w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/>\r\n<figcaption>Source: researchgate<\/figcaption>\r\n<\/figure>\r\n\r\n\r\n\r\n<p><strong>Sigma rules<\/strong> are a common threat detection language that standardises detection rules independently of the SIEM or system in use.<\/p>\r\n\r\n\r\n\r\n<p>Among other things, Sigma rules make the following possible:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Creating and sharing standard detection rules that anyone can use<\/li>\r\n<li>Easily porting rules when migrating to another SIEM (Security Information Management System)<\/li>\r\n<li>Unifying log analysis for players such as MSSPs that use a variety of systems (SIEM, EDR, XDR\u2026)<\/li>\r\n<li>Monetising detection content by security researchers, who can 
turn their work into marketable Sigma rules.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\" id=\"sigma-kurali-nasil-yazilir\">How to Write a Sigma Rule<\/h2>\r\n\r\n\r\n\r\n<p><strong>Writing a Sigma rule<\/strong> requires knowledge of the specific SIEM platform you use and the types of data sources you are monitoring. Some general steps to follow include:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"1-kullanim-durumunuzu-tanimlayin\">1. Define your use case<\/h3>\r\n\r\n\r\n\r\n<p>Before you start writing your Sigma rule, define your use case. What kind of threat are you trying to detect? Which data sources will you monitor? What are the criteria for triggering an alert?<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"2-gunluk-kaynagini-tanimlayin\">2. Identify the log source<\/h3>\r\n\r\n\r\n\r\n<p>Identify the log source that contains the data you need to monitor. This could be a firewall, <a href=\"https:\/\/www.hosting.com.tr\/blog\/ips-ve-ids-nedir-nasil-calisir\/\">IDS\/IPS<\/a> or another security device.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"3-ilgili-alanlari-tanimlayin\">3. Identify the relevant fields<\/h3>\r\n\r\n\r\n\r\n<p>Identify the fields in the log source that contain the data you need to monitor. 
For example, if you are monitoring firewall logs, you may need to look for specific IP addresses, ports or protocols.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"4-kural-kosullarini-tanimlayin\">4. Define the rule conditions<\/h3>\r\n\r\n\r\n\r\n<p>Define the conditions that must be met for the rule to trigger an alert. For example, if you are monitoring for brute-force attacks, you may want to trigger an alert when there are more than a certain number of failed login attempts within a given period.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"5-sigma-kuralini-yazin\">5. Write the Sigma rule<\/h3>\r\n\r\n\r\n\r\n<p>Use the Sigma syntax to write your rule. The Sigma syntax is a standardised format for writing detection rules that can be used across different SIEM platforms. It resembles regular expressions and lets you define patterns within log data.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"6-kurali-test-edin\">6. Test the rule<\/h3>\r\n\r\n\r\n\r\n<p>Test the rule to make sure it works as expected. You can do this by generating test data or by using real-world data to see whether the rule triggers an alert.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"7-kurali-iyilestirin\">7. Refine the rule<\/h3>\r\n\r\n\r\n\r\n<p>Refine the rule based on feedback from testing and monitoring. 
Adjust the rule conditions or criteria as needed to reduce false positives or increase the detection rate.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"8-kurali-uygulayin\">8. Deploy the rule<\/h3>\r\n\r\n\r\n\r\n<p>Once you have a working Sigma rule, deploy it in your SIEM system to start monitoring for potential threats.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\" id=\"sigma-kurallarini-test-etme\">Testing Sigma Rules<\/h2>\r\n\r\n\r\n\r\n<p>Testing Sigma rules is an important step in making sure they work correctly and accurately detect potential security threats. If you want to test Sigma rules at this point, you can use the following steps:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"1-test-verilerini-toplama\">1. Collect test data<\/h3>\r\n\r\n\r\n\r\n<p>Collect test data containing log data from the data sources you are monitoring. Use data generated from test systems, or synthetic data, to test your rules.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"2-kurallari-test-edin\">2. Test the rules<\/h3>\r\n\r\n\r\n\r\n<p>Test the Sigma rules using the test data to make sure they accurately detect the security threats you are monitoring for. Use the SIEM platform's rule testing or simulation feature to simulate the alert and confirm that the rule fires.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"3-sonuclari-analiz-edin\">3. 
Analyse the results<\/h3>\r\n\r\n\r\n\r\n<p>Analyse the results of the rule test to make sure the rules accurately detect security threats and do not produce false positives. Review the alert and the associated data to determine the accuracy of the alert and whether it is a true positive or a false positive.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"4-kurallari-hassaslastirin\">4. Refine the rules<\/h3>\r\n\r\n\r\n\r\n<p>Based on the results of rule testing and analysis, refine the rules as needed to improve their accuracy and reduce false positives: adjust the rule conditions or criteria to improve detection rates without generating false positives.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"5-kurallari-uygulayin\">5. Deploy the rules<\/h3>\r\n\r\n\r\n\r\n<p>After testing and refining the Sigma rules, deploy them in your SIEM platform to start monitoring for potential security threats. 
Monitor the alerts generated by the rules and tune them as needed to make sure they accurately detect potential threats.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\" id=\"sigma-kurallarini-destekleyen-platformlar\">Platforms That Support Sigma Rules<\/h2>\r\n\r\n\r\n\r\n<p>The Sigma syntax is designed to be platform-independent and can be used with a variety of security information and event management (SIEM) platforms that support rule-based detection. Some platforms that support Sigma rules include:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"1-elastic-security-eski-adiyla-elastic-siem\">1. Elastic Security (formerly Elastic SIEM)<\/h3>\r\n\r\n\r\n\r\n<p>Elastic Security supports Sigma rules natively; it can import Sigma rules and convert them into Elastic SIEM rules.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"2-qradar\">2. QRadar<\/h3>\r\n\r\n\r\n\r\n<p>IBM QRadar supports Sigma rules through a third-party application called QRadar Community Edition.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"3-splunk\">3. Splunk<\/h3>\r\n\r\n\r\n\r\n<p>Splunk supports Sigma rules through a third-party application called Sigma Converter, which can translate Sigma rules into Splunk's search language.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"4-logrhythm\">4. 
LogRhythm<\/h3>\r\n\r\n\r\n\r\n<p>LogRhythm supports Sigma rules natively; it can import Sigma rules and convert them into LogRhythm rules.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"5-graylog\">5. Graylog<\/h3>\r\n\r\n\r\n\r\n<p>Graylog supports Sigma rules through a third-party application called Sigma Rules Converter.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"6-arcsight\">6. ArcSight<\/h3>\r\n\r\n\r\n\r\n<p>ArcSight supports Sigma rules through a third-party application called Sigma2Arcsight.<\/p>\r\n\r\n\r\n\r\n<p>These are just a few examples of the SIEM platforms that support Sigma rules. Since Sigma is an open standard, more platforms may add support for Sigma rules in the future.<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"868\" height=\"330\" class=\"wp-image-10080\" src=\"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-rule.png\" alt=\"\" srcset=\"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-rule.png 868w, https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-rule-300x114.png 300w, https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-rule-768x292.png 768w\" sizes=\"auto, (max-width: 868px) 100vw, 868px\" \/><\/figure>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\" id=\"sigmac-ile-kurali-donusturme\">Converting a Rule with Sigmac<\/h2>\r\n\r\n\r\n\r\n<p>Sigmac is a tool that can be used to convert security rules from one format to another. 
To convert a rule using Sigmac, you need to follow these steps:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Install Sigmac on your system.<\/li>\r\n<li>Identify the rule you want to convert and the target format you want to convert it to. Sigmac supports many formats, including Snort, Yara, Suricata and others.<\/li>\r\n<li>Create a file containing the rule you want to convert. The file should contain only the rule and no other text.<\/li>\r\n<li>Run Sigmac and supply the path to the file containing the rule, the name of the source format and the name of the target format. For example, to convert a Snort rule into a Yara rule, you would run: <code>sigmac -r \/path\/to\/rule\/file\/snort_rule.txt -t yara<\/code><\/li>\r\n<li>Sigmac will print the converted rule to the console. If you want to save the converted rule to a file, you can redirect the output to a file. 
For example: <code>sigmac -r \/path\/to\/rule\/file\/snort_rule.txt -t yara &gt; yara_rule.txt<\/code>.<\/li>\r\n<li>Verify that the converted rule is correct and works as expected on your target system.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\" id=\"tehdit-avciligi-turleri\">Types of Threat Hunting<\/h2>\r\n\r\n\r\n\r\n<div class=\"wp-block-image\">\r\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"500\" class=\"wp-image-10058\" src=\"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/tehdit-avciligi-turleri.jpeg\" alt=\"Types of Threat Hunting\" srcset=\"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/tehdit-avciligi-turleri.jpeg 1000w, https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/tehdit-avciligi-turleri-300x150.jpeg 300w, https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/tehdit-avciligi-turleri-768x384.jpeg 768w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/figure>\r\n<\/div>\r\n\r\n\r\n\r\n<p>Threat hunting is the process of proactively searching for security threats that may have evaded traditional security measures such as firewalls, intrusion detection systems or antivirus software. There are various threat hunting techniques that organisations can use. They are as follows:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"1-imza-tabanli-tespit\">1. 
Signature-based detection<\/h3>\r\n\r\n\r\n\r\n<p>Signature-based detection involves searching for known indicators of compromise (IOCs) such as IP addresses, domain names, file hashes or other attributes associated with previous attacks. This is usually the first line of defence against known attacks.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"2-davranisa-dayali-tespit\">2. Behaviour-based detection<\/h3>\r\n\r\n\r\n\r\n<p>Behaviour-based detection involves monitoring for unusual or anomalous behaviour that may indicate a security threat. This can include network traffic patterns, user activity or system events that fall outside normal parameters.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"3-istihbarata-dayali-avlanma\">3. Intelligence-driven hunting<\/h3>\r\n\r\n\r\n\r\n<p>Intelligence-driven detection involves using threat intelligence feeds to search for specific indicators of compromise or behaviour patterns associated with known threat actors or campaigns.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"4-tehdit-simulasyonu\">4. Threat simulation<\/h3>\r\n\r\n\r\n\r\n<p>Threat simulation involves simulating the tactics, techniques and procedures (TTPs) of known attackers to identify gaps in an organisation's defences or areas where it may be vulnerable to attack.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\" id=\"5-hibrit-tespit\">5. 
Hybrid detection<\/h3>\r\n\r\n\r\n\r\n<p>Hybrid detection combines elements of all the methods above, using a range of techniques and tools to identify and respond to security threats.<\/p>\r\n\r\n\r\n\r\n<p>Each of these approaches has its own strengths and weaknesses, and organisations may use one or more of these techniques depending on their specific security needs and risk profiles.<\/p>\r\n\r\n\r\n","protected":false},"excerpt":{"rendered":"Sigma, for writing and managing security rules across multiple platforms, including SIEMs (Security Information and Event Management)&hellip;\n","protected":false},"author":20,"featured_media":10055,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"csco_singular_sidebar":"","csco_page_header_type":"","csco_appearance_grid":"","csco_page_load_nextpost":"","csco_post_video_location":[],"csco_post_video_location_hash":"","csco_post_video_url":"","csco_post_video_bg_start_time":0,"csco_post_video_bg_end_time":0,"footnotes":""},"categories":[349,22],"tags":[],"class_list":{"0":"post-10054","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-guvenlik","8":"category-teknoloji","9":"cs-entry","10":"cs-video-wrap"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Sigma ile Tehdit Avc\u0131l\u0131\u011f\u0131, SIEM \u00dcr\u00fcnlerinde Tehdit Av\u0131 - Hosting.com.tr<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/\" \/>\n<meta property=\"og:locale\" 
content=\"tr_TR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sigma ile Tehdit Avc\u0131l\u0131\u011f\u0131, SIEM \u00dcr\u00fcnlerinde Tehdit Av\u0131 - Hosting.com.tr\" \/>\n<meta property=\"og:description\" content=\"Sigma, SIEM&#8217;ler (Security Information and Event Management) dahil olmak \u00fczere birden \u00e7ok platformda g\u00fcvenlik kurallar\u0131 yazmak ve y\u00f6netmek&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/hosting.com.tr\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-03T08:48:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-14T07:37:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-ile-tehdit-avciligi-siem-urunlerinde-tehdit-avi.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sibel Ho\u015f\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hostingcomtr\" \/>\n<meta name=\"twitter:site\" content=\"@hostingcomtr\" \/>\n<meta name=\"twitter:label1\" content=\"Yazan:\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sibel Ho\u015f\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tahmini okuma s\u00fcresi\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 dakika\" \/>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Sigma ile Tehdit Avc\u0131l\u0131\u011f\u0131, SIEM \u00dcr\u00fcnlerinde Tehdit Av\u0131 - Hosting.com.tr","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/","og_locale":"tr_TR","og_type":"article","og_title":"Sigma ile Tehdit Avc\u0131l\u0131\u011f\u0131, SIEM \u00dcr\u00fcnlerinde Tehdit Av\u0131 - Hosting.com.tr","og_description":"Sigma, SIEM&#8217;ler (Security Information and Event Management) dahil olmak \u00fczere birden \u00e7ok platformda g\u00fcvenlik kurallar\u0131 yazmak ve y\u00f6netmek&hellip;","og_url":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/","og_site_name":"Blog","article_publisher":"https:\/\/www.facebook.com\/hosting.com.tr","article_published_time":"2023-04-03T08:48:51+00:00","article_modified_time":"2025-08-14T07:37:09+00:00","og_image":[{"width":1000,"height":500,"url":"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-ile-tehdit-avciligi-siem-urunlerinde-tehdit-avi.jpeg","type":"image\/jpeg"}],"author":"Sibel Ho\u015f","twitter_card":"summary_large_image","twitter_creator":"@hostingcomtr","twitter_site":"@hostingcomtr","twitter_misc":{"Yazan:":"Sibel Ho\u015f","Tahmini okuma s\u00fcresi":"9 dakika"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/#article","isPartOf":{"@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/"},"author":{"name":"Sibel Ho\u015f","@id":"https:\/\/www.hosting.com.tr\/blog\/#\/schema\/person\/769feb953535a36d98b2d05f5e3e1b73"},"headline":"Sigma ile Tehdit Avc\u0131l\u0131\u011f\u0131, SIEM \u00dcr\u00fcnlerinde Tehdit 
Av\u0131","datePublished":"2023-04-03T08:48:51+00:00","dateModified":"2025-08-14T07:37:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/"},"wordCount":1850,"commentCount":0,"publisher":{"@id":"https:\/\/www.hosting.com.tr\/blog\/#organization"},"image":{"@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-ile-tehdit-avciligi-siem-urunlerinde-tehdit-avi.jpeg","articleSection":["G\u00fcvenlik","Teknoloji"],"inLanguage":"tr","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/","url":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/","name":"Sigma ile Tehdit Avc\u0131l\u0131\u011f\u0131, SIEM \u00dcr\u00fcnlerinde Tehdit Av\u0131 - 
Hosting.com.tr","isPartOf":{"@id":"https:\/\/www.hosting.com.tr\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/#primaryimage"},"image":{"@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-ile-tehdit-avciligi-siem-urunlerinde-tehdit-avi.jpeg","datePublished":"2023-04-03T08:48:51+00:00","dateModified":"2025-08-14T07:37:09+00:00","breadcrumb":{"@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/#breadcrumb"},"inLanguage":"tr","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/"]}]},{"@type":"ImageObject","inLanguage":"tr","@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/#primaryimage","url":"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-ile-tehdit-avciligi-siem-urunlerinde-tehdit-avi.jpeg","contentUrl":"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2023\/04\/sigma-ile-tehdit-avciligi-siem-urunlerinde-tehdit-avi.jpeg","width":1000,"height":500,"caption":"Sigma ile Tehdit Avc\u0131l\u0131\u011f\u0131, SIEM \u00dcr\u00fcnlerinde Tehdit Av\u0131"},{"@type":"BreadcrumbList","@id":"https:\/\/www.hosting.com.tr\/blog\/sigma-ile-tehdit-avciligi\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.hosting.com.tr\/blog\/"},{"@type":"ListItem","position":2,"name":"Teknoloji","item":"https:\/\/www.hosting.com.tr\/blog\/teknoloji\/"},{"@type":"ListItem","position":3,"name":"Sigma ile Tehdit Avc\u0131l\u0131\u011f\u0131, SIEM \u00dcr\u00fcnlerinde Tehdit Av\u0131"}]},{"@type":"WebSite","@id":"https:\/\/www.hosting.com.tr\/blog\/#website","url":"https:\/\/www.hosting.com.tr\/blog\/","name":"Hosting.com.tr","description":"Domain, Hosting, Startup\/Kobi, Dijital Pazarlama, Teknoloji, Wordpress ve Nas\u0131l 
Yap\u0131l\u0131r? kategorilerinde en g\u00fcncel yaz\u0131lar.","publisher":{"@id":"https:\/\/www.hosting.com.tr\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hosting.com.tr\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"tr"},{"@type":"Organization","@id":"https:\/\/www.hosting.com.tr\/blog\/#organization","name":"Webhosting A.\u015e","url":"https:\/\/www.hosting.com.tr\/blog\/","logo":{"@type":"ImageObject","inLanguage":"tr","@id":"https:\/\/www.hosting.com.tr\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2025\/04\/hosting-logo.png","contentUrl":"https:\/\/www.hosting.com.tr\/blog\/wp-content\/uploads\/2025\/04\/hosting-logo.png","width":500,"height":157,"caption":"Webhosting A.\u015e"},"image":{"@id":"https:\/\/www.hosting.com.tr\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/hosting.com.tr","https:\/\/x.com\/hostingcomtr","https:\/\/instagram.com\/hostingcomtr","https:\/\/www.linkedin.com\/company\/hosting-com-tr\/","https:\/\/www.youtube.com\/channel\/UCFNJq7pU_T2SEjv7UgLDtRw"]},{"@type":"Person","@id":"https:\/\/www.hosting.com.tr\/blog\/#\/schema\/person\/769feb953535a36d98b2d05f5e3e1b73","name":"Sibel Ho\u015f","image":{"@type":"ImageObject","inLanguage":"tr","@id":"https:\/\/www.hosting.com.tr\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/71ef095ec76abd2cd680813a0851c643003d6b211003d0d1b5eb4d0e6f04caa6?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/71ef095ec76abd2cd680813a0851c643003d6b211003d0d1b5eb4d0e6f04caa6?s=96&r=g","caption":"Sibel 
Ho\u015f"},"url":"https:\/\/www.hosting.com.tr\/blog\/author\/sibel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10054"}],"version-history":[{"count":1,"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10054\/revisions"}],"predecessor-version":[{"id":14602,"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10054\/revisions\/14602"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/media\/10055"}],"wp:attachment":[{"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hosting.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}