The Onum Blog
2025-04-28T05:00:00+01:00 (2 min read)

Real-Time Sigma Detection in Motion: Now Available in Onum

Apply Sigma detection rules directly to streaming data with Onum's pipeline integration. Spot threats in real time without waiting for indexing, and speed up security response.

Dan Brault
Director, Product Marketing

From static rules to streaming intelligence

Sigma is the open standard for describing threat detection logic across platforms, formats, and environments. It gives security teams a common language to define suspicious behavior, from lateral movement to privilege escalation to credential misuse.

Each rule includes:

  • Keywords for loose pattern matching

  • Selections for specific field-value conditions

  • Conditions that define how logic is combined

Sigma is a core component of many SOC and threat hunting playbooks, but traditionally Sigma rules are applied after logs are stored, indexed, and processed. That approach works, but it is a model that introduces delay and cost and limits how fast teams can act.

Detection that moves as fast as the threat

Security teams need to detect threats closer to where they start. Onum makes that possible by letting you apply Sigma rules directly to streaming log data, in motion, as it moves through your pipeline.

There's no waiting for indexing or query time. Onum evaluates events as they arrive, applying Sigma detection logic in real time. This means you can spot issues faster, reduce the volume of logs pushed downstream, and enrich events with the right context as they flow.

You still use your existing detection stack and rules, but now detection starts at the very beginning of your pipeline, not the end.

Turn your pipeline into a detection engine

With Onum’s Sigma Rules action, your data pipeline becomes an active detection layer. You define the logic, map the fields, and decide where enriched events go.

Security teams can:

  • Select rules from a built-in catalog

  • Map Sigma fields to corresponding event fields

  • Define the output field for match results

  • Route matched, unmatched, and error events independently

  • Enrich matched events with structured metadata including rule ID, title, tags, and description

Every event continues to flow, whether matched or not. Onum inspects each one in real time using the exact logic defined in your Sigma rules. The result is immediate insight without additional processing or storage overhead.
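To make the action described above concrete, here is a minimal Python evaluator written for this post (example code, not Onum's own implementation): it maps Sigma field names to the pipeline's event fields, supports the keyword, selection and condition forms listed earlier, and routes each event as matched (enriched with rule ID, title, tags and description), unmatched or error. The rule, the field map and the sample events are constructed for the example, and the rule ID is a placeholder rather than a catalog rule.

```python
# Added example, not Onum's code: the rule, field map and events below are constructed for illustration.
RULE = {"id": "00000000-0000-0000-0000-000000000000",  # constructed rule in Sigma's shape; placeholder id
        "title": "Encoded PowerShell command line", "tags": ["attack.execution"],
        "description": "powershell.exe launched with an encoded command line.",
        "detection": {"selection": {"Image|endswith": "\\powershell.exe",
                                    "CommandLine|contains": ["-enc ", "-encodedcommand"]},
                      "filter": {"User": "svc_deploy"},  # known-good automation account (constructed)
                      "condition": "selection and not filter"}}
FIELD_MAP = {"Image": "proc.exe", "CommandLine": "proc.cmdline", "User": "user"}  # Sigma name -> event field
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [{"proc.exe": PS, "proc.cmdline": "powershell.exe -nop -w hidden -enc QQBCAEMA", "user": "jdoe"},
          {"proc.exe": PS, "proc.cmdline": "powershell.exe -EncodedCommand QQBCAEMA", "user": "svc_deploy"},
          {"proc.exe": "C:\\Windows\\System32\\cmd.exe", "proc.cmdline": "cmd.exe /c whoami", "user": "jdoe"}]
def _value_matches(modifier, actual, expected):  # Sigma string matching is case-insensitive
    a, e = str(actual).lower(), str(expected).lower()
    return {"contains": e in a, "startswith": a.startswith(e), "endswith": a.endswith(e)}.get(modifier, a == e)
def _selection_hits(spec, event, field_map):
    if isinstance(spec, list):  # keyword list: any keyword anywhere in the event
        return any(str(k).lower() in " ".join(map(str, event.values())).lower() for k in spec)
    for key, expected in spec.items():  # map form: every field must match (AND); list values are OR
        field, _, modifier = key.partition("|")
        actual = event.get(field_map.get(field, field))  # translate the Sigma field name to this pipeline's
        wanted = expected if isinstance(expected, list) else [expected]
        if actual is None or not any(_value_matches(modifier, actual, v) for v in wanted): return False
    return True
def _condition(tokens, hits):  # recursive-descent evaluator: not binds tightest, then and, then or
    pos = [0]
    def nxt(): pos[0] += 1; return tokens[pos[0] - 1]
    def atom():
        tok = nxt()
        if tok == "not": return not atom()
        if tok == "(": v = expr(); nxt(); return v  # consume the closing parenthesis
        return hits[tok]  # unknown selection name -> KeyError -> error route
    def chain(op, sub, combine):
        v = sub()
        while tokens[pos[0]:pos[0] + 1] == [op]: nxt(); v = combine(v, sub())
        return v
    def term(): return chain("and", atom, lambda x, y: x and y)
    def expr(): return chain("or", term, lambda x, y: x or y)
    return expr()

def route(rule, event, field_map=FIELD_MAP, out_field="sigma"):  # -> (route name, event); nothing is dropped
    det = rule["detection"]
    try:
        hits = {n: _selection_hits(s, event, field_map) for n, s in det.items() if n != "condition"}
        matched = _condition(det["condition"].replace("(", " ( ").replace(")", " ) ").split(), hits)
    except (KeyError, IndexError) as exc:  # malformed rule or condition: error route, event still flows
        return "error", {**event, out_field: {"error": repr(exc)}}
    if not matched: return "unmatched", event
    return "matched", {**event, out_field: {k: rule[k] for k in ("id", "title", "tags", "description")}}
```

Feeding the three sample events through `route` yields one matched event carrying the rule metadata, one event suppressed by the `filter` selection, and one that never matched; a condition that names an undefined selection lands on the error route with the original event intact.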

Ready to see it in action?
Bring your Sigma detection upstream and take control of your threat response. Book a demo to see how real-time rule evaluation helps teams detect faster, reduce downstream load, and act before threats escalate.
