From static rules to streaming intelligence
Sigma is the open standard for describing threat detection logic across platforms, formats, and environments. It gives security teams a common language to define suspicious behavior from lateral movement to privilege escalation to credential misuse.
Each rule includes:
Keywords for loose pattern matching
Selections for specific field-value conditions
Conditions that define how logic is combined
Sigma is a core component of many SOC and threat hunting playbooks, but traditionally, Sigma rules are applied after logs are stored, indexed, and processed. That approach works, but a model that introduces delays, costs, and limits how fast teams can act.
Detection that moves as fast as the threat
Security teams need to detect threats closer to where they start. Onum makes that possible by letting you apply Sigma rules directly to streaming log data, in motion, as it moves through your pipeline.
There’s no waiting for indexing or query time. Onum evaluates events as they arrive, applying Sigma detection logic in real-time. This means you can spot issues faster, reduce the volume of logs pushed downstream, and enrich events with the right context as they flow.
You still use your existing detection stack and rules, but now detection starts at the very beginning of your pipeline, not the end.
Turn your pipeline into a detection engine
With Onum’s Sigma Rules action, your data pipeline becomes an active detection layer. You define the logic, map the fields, and decide where enriched events go.
Security teams can:
Select rules from a built-in catalog
Map Sigma fields to corresponding event fields
Define the output field for match results
Route matched, unmatched, and error events independently
Enrich matched events with structured metadata including rule ID, title, tags, and description
Every event continues to flow, whether matched or not. Onum inspects each one in real-time using the exact logic defined in your Sigma rules. The result is immediate insight without additional processing or storage overhead.
Ready to see it in action?
Bring your Sigma detection upstream and take control of your threat response. Book a demo to see how real-time rule evaluation helps teams detect faster, reduce downstream load, and act before threats escalate.
