From 08e00945aa105e2f1cbcdd7446fc9bff800c32ff Mon Sep 17 00:00:00 2001
From: Florian Roth <venom14@gmail.com>
Date: Sat, 16 Feb 2019 09:51:02 +0100
Subject: [PATCH] doc: SANS webcast link in README

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 56f12b603..1448efbe7 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,12 @@ This repository contains:
 
 [![Sigma - Generic Signatures for Log Events](https://preview.ibb.co/cMCigR/Screen_Shot_2017_10_18_at_15_47_15.png)](https://www.youtube.com/watch?v=OheVuE9Ifhs "Sigma - Generic Signatures for Log Events")
 
+## SANS Webcast on MITRE ATT&CK and Sigma
+
+The SANS webcast on Sigma contains a very good 20 min introduction to the project by John Hubbart from minute 39 onward. (SANS account required; registration is free)
+
+[MITRE ATT&CK and Sigma Alerting Webcast Recording](https://www.sans.org/webcasts/mitre-att-ck-sigma-alerting-110010 "MITRE ATT&CK and Sigma Alerting")
+
 # Use Cases
 
 * Describe your detection method in Sigma to make it sharable