D8 · CySA+

What is Sigma?

Sigma is a generic, vendor-neutral detection rule format for log-based detections — write once, convert to any SIEM (Splunk SPL, Microsoft KQL, Elastic EQL, etc.).
Sigma enables sharing detection rules across the community. GitHub has thousands of community-contributed Sigma rules. pySigma and sigmac convert to platform-specific queries. Combine with ATT&CK mapping for comprehensive detection coverage.