A simple collection of Elastalert rules derived from Sigma
Intended for an ELK stack fed by Winlogbeat (Sysmon events) and Filebeat, with Elastalert as the alerting engine
Derived from the great Sigma project (https://github.com/Neo23x0/sigma), along with some personal rules
Rules are configured to send alerts to an email alias named "elk-alert"; create that alias in your MTA (or change the recipient in the rules) before loading them, or Elastalert will fail to deliver the alerts
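As an added example, not one of this repository's own rule files, here is what a single Sigma-derived Elastalert rule looks like once the email alert is wired to the "elk-alert" alias. The filter shape (type: any plus a query_string filter) is what sigmac's elastalert backend emits; the index pattern, the Winlogbeat field names in the query, and the SMTP settings are assumptions that must match your own deployment.

```yaml
# Added example rule, not from this repository.
# Fires on a Sysmon process-creation event (Event ID 1) for whoami.exe,
# a common post-exploitation reconnaissance step.
name: sysmon_whoami_execution          # must be unique across all loaded rules
description: Sysmon EventID 1 for whoami.exe
type: any                              # alert on every matching document
index: winlogbeat-*                    # assumption: Winlogbeat's default index pattern
priority: 2

filter:
- query:
    query_string:
      # Assumed Winlogbeat 6.x field names for Sysmon events; adjust to your mapping
      # (the same mapping you passed to sigmac when converting the rule).
      query: 'source_name:"Microsoft-Windows-Sysmon" AND event_id:"1" AND event_data.Image:*whoami.exe'

realert:
  minutes: 5                           # suppress repeat alerts from this rule for 5 minutes

# Email alert: the "elk-alert" alias must resolve in your MTA.
alert:
- email
email:
- elk-alert
smtp_host: localhost                   # assumption: a local MTA relays for Elastalert
smtp_port: 25
from_addr: elastalert@localhost        # assumption
alert_subject: "[ELK] {0} on {1}"
alert_subject_args:
- name
- computer_name
alert_text: "Rule {0} matched on {1}\nImage: {2}\nCommandLine: {3}"
alert_text_type: alert_text_only
alert_text_args:
- name
- computer_name
- event_data.Image
- event_data.CommandLine
```

Elasticsearch connection details (es_host, es_port) come from Elastalert's global config.yaml, not the rule. Before dropping a rule into the rules directory, run it through elastalert-test-rule against live data to confirm the field names and index pattern actually match your documents; a rule whose query references fields that do not exist silently matches nothing.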