Merge pull request #141 from SigmaHQ/version_2

Version 2.0 release

README.md

@@ -1,43 +1,66 @@
-# Sigma-Specification
+# Sigma Specification - Generic Signature Format for SIEM Systems
 
-This repository is used to maintain the specification for the Sigma format.
+<a href="https://sigmahq.io/">
+<p align="center">
+<br />
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./media/images/sigma_logo_dark.png">
+  <img width="454" alt="Sigma Logo" src="./media/images/sigma_logo_light.png">
+</picture>
+</p>
+</a>
+<br />
 
-[Web version](https://sigmahq.github.io/sigma-specification/)
+<p align="center">
+<a href="https://sigmahq.io/"><img src="https://cdn.jsdelivr.net/gh/SigmaHQ/sigmahq.github.io@master/images/Sigma%20Official%20Badge.svg" alt="Sigma Official Badge"></a> <img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/SigmaHQ/sigma-specification">
+<br />
+<a href="https://opensourcesecurityindex.io/" target="_blank" rel="noopener">
+<img style="width: 170px;" src="https://opensourcesecurityindex.io/badge.svg" alt="Open Source Security Index - Fastest Growing Open Source Security Projects" width="170" />
+</a>
+</p>
 
-## Version Management
+Welcome to the official Sigma Specification repository.
 
-The version number is in the form of 3 digits 'A.B.C':
+## A Quick Rundown
 
-- 'A' A major version that could break existing converters
-- 'B' A minor version with additions or modifications of functionality affecting but not breaking the converters
-- 'C' Reorganization of section, addition of examples etc.
+Here's what you can expect from each of the main subfolders within this repo. Please take a minute to educate yourself!
 
-## Current Version
+### Specification
 
-The Sigma format specifications is described in the file [Sigma_specification](Sigma_specification.md)  
+[Specification](./specification/) will contain markdown files describing the Sigma specification format in details.
 
-There exists two other files in the repository to describe the different fields and tags to be used in Sigma rules:
+* [Sigma Rules Specification](./specification/sigma-rules-specification.md) - Describes what constitute a Sigma rule.
+* [Sigma Correlation Specification](./specification/sigma-correlation-rules-specification.md) - Describes the Sigma correlation format.
+* [Sigma Filters Specification](./specification/sigma-filters-specification.md) - Described the Sigma filters format.
 
-- [Tags_specification](Tags_specification.md) is a document that defines the standardized tags that can be used to categorize the different Sigma rules.
-- [Taxonomy_specification](Taxonomy_specification.md) is a document that defines the different field names and log sources that should be used to ensure sharable rules
+### JSON Schema
 
-## Work in Progress
+[Json-Schema](./json-schema/) will contain a list of JSON schemas for the following.
 
-This section lists upcoming developments and changes to the standard. Please note:
+* [Sigma Rules](/json-schema/sigma-detection-rule-schema.json)
+* [Sigma Correlation Rules](/json-schema/sigma-correlation-rules-schema.json)
+* [Sigma Filters](/json-schema/sigma-filters-schema.json)
 
-- That it's still in a process of dictation and feedback.  
-- It is possible that some are added and then deleted before the finalization of the version.  
+### Appendix
 
-Do not hesitate to open a discussion with tag `V2` in the title. Example `V2 proposal of new modifier X`.  
+[Appendix](./appendix/) will contain additional files providing additional details to certain fields of a Sigma rule
 
-For more information, check the [version_2 branch](https://github.com/SigmaHQ/sigma-specification/tree/version_2)
+* [Sigma Modifiers Appendix](appendix/sigma-modifiers-appendix.md) is a document that defines the different modifiers that can be used in a Sigma rule. 
+* [Sigma Tags Appendix](appendix/sigma-tags-appendix.md) is a document that defines the tags namespaces that can be used to categorize the different Sigma rules.
+* [Sigma Taxonomy Appendix](appendix/sigma-taxonomy-appendix.md) is a document that defines the different field names and log sources that are currently supported by SigmaHQ in order to ensure sharable rules.
 
-## Archive of Old Specifications
+### SigmaHQ
 
-Local copy [sigmahq Specification wiki 2022/09/24](archives/wiki.md) or the online [sigmahq Specification wiki](https://github.com/SigmaHQ/sigma/wiki/Specification)
+[SigmaHQ](./sigmahq/) will contain markdown files that describe rules and recommendations that are applied to the rules hosted in SigmaHQ main rule repository.
 
-## SigmaHQ
+> **Note**
+>
+> The SigmaHQ folder and the files contains within are not part of the sigma specification. They are there to ensure and easier management of the rules hosted in the main [rule repository](https://github.com/SigmaHQ/sigma/tree/master/rules)
 
-The following files are not part of the sigma specification. They are only helpers for the management of the main [rule repository](https://github.com/SigmaHQ/sigma/tree/master/rules)
+* [SigmaHQ Rule Convention](/sigmahq/sigmahq-rule-convention.md)
+* [SigmaHQ Filename Convention](/sigmahq/sigmahq-filename-convention.md)
+* [SigmaHQ Title Convention](/sigmahq/sigmahq-title-convention.md)
 
-[SigmaHQ Filename Normalisation](sigmahq/Sigmahq_filename_rule.md)
+## Version 2 Changes
+
+You can read more on the potential breaking changes and additional features introduced in version 2.0.0 of the specification [here](./other/version-2-changes.md)