Soteria is a US-based MSSP that has been using LimaCharlie for a long time. They developed a corpus of hundreds of behavioral signatures for Windows / Mac / Linux (signature not in terms of a hash, but in terms of a rule that describes a malicious behavior). With one click, you can apply their rules in a managed way. When Soteria updates the rules for their customers, you will get those updates in real time as well.

Soteria rules come at a cost of $0.5 per endpoint per month once you are on a paid tier. Soteria rules (as well as all other add-ons except Net) are free for up to two endpoints.

Please note that Soteria won’t get access to your data, and you won’t be able to see or edit their rules - LimaCharlie acts as a broker between the two parties.

The rules cover attacks on Windows, macOS and Linux. You can check the dynamic MITRE ATT&CK mapping here:

Did this answer your question?