Soteria is a US-based MSSP that has been using LimaCharlie for a long time. They have developed a corpus of hundreds of behavioral signatures for Windows / Mac / Linux (a signature here is not a hash, but a rule that describes a malicious behavior). With one click, you can apply their rules in a managed way. When Soteria updates the rules for their customers, you will get those updates in real time as well.

Soteria rules come at a cost of $0.5 per endpoint per month once you are on a paid tier. Soteria rules (as well as all other add-ons) are free for up to two endpoints.

Please note that Soteria won’t get access to your data, and you won’t be able to see or edit their rules - LimaCharlie acts as a broker between the two parties.

The rules cover attacks on Windows, macOS and Linux. You can check the dynamic MITRE ATT&CK mapping here:

