Which statement best describes Sigma's rule format?

Sigma’s rule format is a universal, human-readable way to describe detections across different log sources. Rules are written in a simple YAML-like structure that focuses on what happened (the detection logic, keywords, conditions) and how to apply it to various log sources, rather than on a specific platform. This design makes Sigma portable: a single rule can be translated into searches for Windows event logs, Linux syslog, cloud services, or network/firewall logs, so analysts can share detections without learning a separate syntax for every SIEM. It isn’t tied to Windows, nor is it a firewall rule syntax or a proprietary malware signature format; it’s intended as a flexible, easy-to-write format that works across many types of logs.