CompTIA SecurityX (CAS-005) — Question 113
A security engineer wants to stay up to date on new detections that are released on a regular basis. The engineer's organization uses multiple tools rather than a single vendor's security stack. Which of the following rule-based languages is the most appropriate to use as a baseline for detection rules in this multi-tool setup?
Answer options
- A. Sigma
- B. YARA
- C. Snort
- D. Rita
Correct answer: A
Explanation
Sigma is a generic, vendor-neutral format for writing log-based detection rules; a Sigma rule is written once (as YAML) and converted into the native query language of whichever SIEM or log platform is in use, which makes it the natural baseline for an environment with multiple tools. The other options are tied to a specific detection domain: YARA rules match byte and string patterns in files and memory and are used mainly for malware identification; Snort rules describe network traffic signatures for a network intrusion detection system; and RITA is a network traffic analysis tool rather than a rule language. None of these is suited to expressing detections that must be shared across varied tools.