Sigma is an open source project that aims at creating a generic query language for security and D&R rules. It looks up known anomalies and Common Vulnerabilities and Exposures (CVEs).

As Sigma is an open source project,

  • applying the Sigma ruleset is free

  • there will be a higher rate of false positives

Soteria is a US-based MSSP that has been using LimaCharlie for a long time. They developed a corpus of hundreds of behavioral signatures for Windows / Mac / Linux (signature not in terms of a hash, but in terms of a rule that describes a behavior). With one click, you can apply their rules in a managed way. When Soteria updates the rules for their customers, you will get those updates in real time as well.

As Soteria is a managed ruleset,

  • applying the Soteria ruleset costs $0.5 per endpoint per month

  • the rate of false positives is much lower

Did this answer your question?