The Behavioral Engine, which is based on rules in the standard Sigma format, identifies malicious programs and behaviors even when the Signatures – YARA Engine has detected no signatures and the IOC Engine has found no indicators of compromise.
This engine identifies variants of known viruses for which signatures or IOCs are unknown, as well as new viruses or programs that generate suspicious behavior.
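
The point above, shown as an added example (not the product's engine or rule set): a minimal Sigma-style matcher in Python run over constructed process-creation events, where a changed sample hash defeats a hash IOC but the behavioral rule still fires. The rule, the `SampleSha256` field, the hash list and all events are constructed assumptions, and only the `selection and not filter` condition is supported.

```python
import hashlib
# Constructed Sigma-style rule as a dict (Sigma rules are normally YAML files).
RULE = {
    "title": "Office application starts a script host (constructed)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe"],
            "Image|endswith": ["\\powershell.exe", "\\wscript.exe"],
        },
        "filter": {"CommandLine|contains": "\\approved-addin\\"},
        "condition": "selection and not filter",
    },
}
OPS = {"": lambda v, p: v == p, "contains": lambda v, p: p in v,
       "endswith": lambda v, p: v.endswith(p)}

def match_block(block, event):
    """Fields are ANDed, pattern lists are ORed, comparison is case-insensitive."""
    for key, patterns in block.items():
        field, _, mod = key.partition("|")
        value = str(event.get(field, "")).lower()
        pats = patterns if isinstance(patterns, list) else [patterns]
        if not any(OPS[mod](value, str(p).lower()) for p in pats):
            return False
    return True

def sigma_match(rule, event):
    """Evaluates only 'selection and not filter', the condition used in RULE."""
    det = rule["detection"]
    return match_block(det["selection"], event) and not match_block(det["filter"], event)

def make_event(sample, parent, image, cmdline):
    # SampleSha256 is a hypothetical field: the hash a signature/IOC check would see.
    return {"SampleSha256": hashlib.sha256(sample).hexdigest(),
            "ParentImage": parent, "Image": image, "CommandLine": cmdline}

KNOWN_BAD = {hashlib.sha256(b"constructed-sample-v1").hexdigest()}  # hash IOC list
WORD, PS = r"C:\Program Files\Office\WINWORD.EXE", r"C:\Windows\System32\powershell.exe"
EVENTS = {  # constructed process-creation events
    "known": make_event(b"constructed-sample-v1", WORD, PS, "powershell.exe -File report.ps1"),
    "variant": make_event(b"constructed-sample-v2", WORD, PS, "powershell.exe -File report.ps1"),
    "allowed": make_event(b"constructed-addin", WORD, PS, r"powershell.exe -File C:\approved-addin\sync.ps1"),
    "benign": make_event(b"constructed-benign", r"C:\Windows\explorer.exe", PS, "powershell.exe"),
}

def verdicts(ev):
    """Return (hash IOC hit, behavioral rule hit) for one event."""
    return ev["SampleSha256"] in KNOWN_BAD, sigma_match(RULE, ev)
```

Calling `verdicts(EVENTS["variant"])` shows the case the text describes: no hash hit, but a behavioral hit; the `allowed` event shows the filter suppressing a known-good command line.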