Sigma is an open source project that aims at creating a generic query language for security and D&R rules. It looks up known anomalies and Common Vulnerabilities and Exposures (CVEs).
As Sigma is an open source project,
applying the Sigma ruleset is free
there will be a higher rate of false positives
Soteria is a US-based MSSP that has been using LimaCharlie for a long time. They developed a corpus of hundreds of behavioral signatures for Windows / Mac / Linux (signature not in terms of a hash, but in terms of a rule that describes a behavior). With one click, you can apply their rules in a managed way. When Soteria updates the rules for their customers, you will get those updates in real time as well.
As Soteria is a managed ruleset,
applying the Soteria ruleset costs $0.5 per endpoint per month
the rate of false positives is much lower