From ec14452cfed199586fcf8d9367b36b0afd9242aa Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <monsteroffire2@gmail.com>
Date: Wed, 19 Nov 2025 12:48:39 +0100
Subject: [PATCH] Merge PR #5764 from @nasbench - Revise rule creation section
 in README

chore: Updated the rule creation section to include a high-level guide and the Sigma specification.
---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 7a2028559..a6a85809c 100644
--- a/README.md
+++ b/README.md
@@ -61,10 +61,10 @@ Others provide excellent analyses, include IOCs and YARA rules to detect the mal
 
 ## 🏗️ Rule Creation
 
-To start writing Sigma rules please check the following guides:
+To start writing Sigma rules please check the following high level guide along with the sigma specification:
 
-* [Rule Creation Guide](https://github.com/SigmaHQ/sigma/wiki/Rule-Creation-Guide)
-* [How to Write Sigma Rules - Nextron Systems](https://www.nextron-systems.com/2018/02/10/write-sigma-rules/)
+* [Rule Creation High‐Level Guide]([https://github.com/SigmaHQ/sigma/wiki/Rule-Creation-Guide](https://github.com/SigmaHQ/sigma/wiki/Rule-Creation-High%E2%80%90Level-Guide))
+* [Sigma Specification](https://github.com/SigmaHQ/sigma-specification)
 
 ## 🔎 Contributing & Making PRs