Behavioral Detection Engine
Sigma Rules

A Sigma rules-based detection engine to block threats by identifying suspicious behavior.

Sigma’s rule-based Behavioral Engine enables analysts to set up and share rules describing techniques, tools, and procedures (TTPs), as well as attacker behaviors listed in cybersecurity frameworks such as MITRE ATT&CK.

Behavioral Engine detects:

Techniques, tools, and procedures (TTP)
Malicious behavior
Detecting suspicious or malicious behavior

The Behavioral Engine, based on rules in the Sigma standard format, identifies malicious programs and behaviors even when the Signatures – YARA Engine has matched no signatures and the IOC Engine has matched no indicators of compromise.

This engine identifies variants of known viruses for which signatures or IOCs are unknown, or new viruses or programs that generate suspicious behavior.

Expertly designed, customizable Sigma rules

The Sigma rules of the Behavioral Engine are developed, implemented, maintained, and enhanced over time by our Cyber Threat Intelligence (CTI) team, by operating system (OS) and by version.


This ongoing research and development contributes to the quality and value of the EDR, which offers full access to detection rules to enable analysts to identify the origin of alerts.


In addition, rules can be modified and enriched. Users can add rules from third-party sources, tailored to their own context, or rules with broader parameters to detect weak signals.

Behaviors detected by Sigma rules

The Behavioral Engine takes events on workstations and servers as input and applies the Sigma rules developed by the CTI team to detect suspicious or malicious behavior, covering threats such as elevation-of-privilege techniques, data theft from browsers or processes, persistence, and more.
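The matching step described above, as an added example that is not the product's own engine: a minimal Python evaluator for the core of the Sigma detection structure (named selections, field modifiers such as |contains and |endswith, and an and/or/not condition), run over a constructed Run-key persistence rule and constructed registry events. The rule, the events, the field names and the helper functions are assumptions for illustration.

```python
# Constructed rule in Sigma's detection/selection/condition layout; a real rule
# is YAML, the same structure is written here as a dict to stay dependency-free.
RULE = {
    "title": "Run key persistence (constructed example)",
    "tags": ["attack.persistence"],
    "detection": {
        "selection": {"EventType": "SetValue",
                      "TargetObject|contains": "\\CurrentVersion\\Run\\"},
        "filter_trusted": {"Image|endswith": ["\\explorer.exe", "\\msiexec.exe"]},
        "condition": "selection and not filter_trusted",
    },
}

def _field_matches(key, expected, event):
    """One selection entry 'Field|modifier': a value or a list (a list means OR)."""
    field, _, modifier = key.partition("|")
    actual = str(event.get(field, "")).lower()  # Sigma string matching is case-insensitive
    for value in (expected if isinstance(expected, list) else [expected]):
        v = str(value).lower()
        if ((modifier == "contains" and v in actual) or (modifier == "endswith" and actual.endswith(v))
                or (modifier == "startswith" and actual.startswith(v)) or (modifier == "" and actual == v)):
            return True
    return False

def _eval_condition(condition, results):
    """'a and not b or c': 'and' binds tighter than 'or' (parentheses are not handled here)."""
    def term(t):
        return not results[t[4:]] if t.startswith("not ") else results[t]
    return any(all(term(t.strip()) for t in clause.split(" and "))
               for clause in condition.split(" or "))

def rule_matches(rule, event):
    """True if the event satisfies the condition; a selection matches when all its entries do."""
    detection = rule["detection"]
    results = {name: all(_field_matches(k, v, event) for k, v in sel.items())
               for name, sel in detection.items() if name != "condition"}
    return _eval_condition(detection["condition"], results)

# Constructed registry events: an unknown binary in Temp writes a Run value
# (alert); explorer.exe writes the same value and is filtered out (no alert).
EVENTS = [
    {"EventType": "SetValue", "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
    {"EventType": "SetValue", "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
]

def alerts(rule=RULE, events=EVENTS):
    return [e["Image"] for e in events if rule_matches(rule, e)]  # images that triggered the rule
```

The filter selection is what keeps the rule usable in practice: without it, every legitimate Run-key write by explorer.exe would raise the same alert.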