From static rules to streaming intelligence
Sigma is the open standard for describing threat detection logic across platforms, formats, and environments. It gives security teams a common language to define suspicious behavior like lateral movement, privilege escalation, or credential misuse.
Each rule includes:
Keywords for loose pattern matching
Selections for field-value conditions
Conditions that define how logic is combined
Sigma is a core component of many SOC and threat hunting playbooks, but it’s typically used after the data is stored, indexed, and processed. That approach works, but it introduces delays, costs, and limits how fast teams can act.
Detection that moves as fast as the threat
Security teams need to detect threats closer to where they start. Onum makes that possible by letting you apply Sigma rules directly to log data as it moves through your pipeline.
There’s no waiting for indexing or query time. Onum evaluates events as they arrive and applies the detection logic defined in each Sigma rule in real time. This means you can spot issues faster, reduce the volume of logs pushed downstream, and enrich events with the right context as they flow.
You still use your existing detection stack and rules, but now detection happens earlier, and your pipeline becomes smarter from the start.
Turn your pipeline into a detection engine
With Onum’s Sigma Rules action, detection becomes part of the pipeline itself. You define the logic, map the fields, and decide where enriched events go.
Security teams can:
Select rules from a built-in catalog
Map Sigma fields to event fields in your logs
Define the output field that stores match results
Route matched, unmatched, and error events separately
Enrich matches with structured metadata including rule ID, title, tags, and description
Every event continues to flow, whether matched or not. Onum inspects each one in real time using the exact logic defined in your Sigma rules. The result is immediate insight without additional processing or storage overhead.
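To make the mechanics concrete, here is a toy in-stream evaluator, an added example that is not Onum's code: a Sigma-style rule with a selection, a filter and a condition, a map from Sigma field names to the event's own field names, an output field for match metadata, and separate matched, unmatched and error routes. The rule, its placeholder id, the field names and the events are all constructed for illustration.

```python
RULE = {  # constructed Sigma-style rule; the id is a placeholder, not a real Sigma rule id
    "id": "00000000-0000-0000-0000-000000000001", "title": "Whoami From Service Host (constructed)",
    "tags": ["attack.discovery"], "description": "Constructed example for the evaluator below.",
    "detection": {"selection": {"Image|endswith": r"\whoami.exe"},
                  "filter": {"ParentImage|endswith": r"\explorer.exe"},
                  "condition": "selection and not filter"}}
FIELD_MAP = {"Image": "process.path", "ParentImage": "process.parent.path"}  # Sigma field -> log field (assumed)
OUTPUT_FIELD = "sigma_match"  # event field that receives the match result
EVENTS = [  # constructed sample events, already in the assumed log field layout
    {"process.path": r"C:\Windows\System32\whoami.exe", "process.parent.path": r"C:\Windows\System32\svchost.exe"},
    {"process.path": r"C:\Windows\System32\whoami.exe", "process.parent.path": r"C:\Windows\explorer.exe"},
    {"process.path": r"C:\Windows\System32\notepad.exe", "process.parent.path": r"C:\Windows\explorer.exe"}]

def match_value(modifier, actual, expected):
    a, e = str(actual).lower(), str(expected).lower()  # Sigma string matching is case-insensitive
    ops = {"": a == e, "contains": e in a, "startswith": a.startswith(e), "endswith": a.endswith(e)}
    if modifier not in ops:
        raise ValueError(f"unsupported modifier {modifier!r}")
    return ops[modifier]

def eval_selection(selection, event):
    for key, expected in selection.items():  # every field/value pair in a selection must match
        name, _, modifier = key.partition("|")
        actual = event.get(FIELD_MAP[name])  # KeyError if the rule field has no mapping -> error route
        if actual is None or not match_value(modifier, actual, expected):  # missing log field = no match
            return False
    return True

def eval_condition(cond, results):
    """'a and not b or c' with Sigma precedence (not > and > or); no parentheses or 'x of' forms."""
    def term(t):
        if t.startswith("not "):
            return not results[t[4:].strip()]
        return results[t]  # KeyError for an unknown selection name -> error route
    return any(all(term(t.strip()) for t in clause.split(" and ")) for clause in cond.split(" or "))

def evaluate(event, rule=RULE):
    """Inspect one event as it arrives; returns (route, event) and never drops the event."""
    det = rule["detection"]
    try:
        hits = {n: eval_selection(s, event) for n, s in det.items() if n != "condition"}
        matched = eval_condition(det["condition"], hits)
    except (KeyError, ValueError) as exc:  # bad field mapping, unknown selection or modifier
        return "error", {**event, OUTPUT_FIELD: {"error": str(exc)}}
    if not matched:
        return "unmatched", event
    return "matched", {**event, OUTPUT_FIELD: {k: rule[k] for k in ("id", "title", "tags", "description")}}

def run_stream(events, rule=RULE):
    routes = {"matched": [], "unmatched": [], "error": []}
    for route, out in (evaluate(ev, rule) for ev in events):
        routes[route].append(out)
    return routes
```

Running `run_stream(EVENTS)` routes the first event to `matched` with the rule's id, title, tags and description under `sigma_match`, the other two to `unmatched` untouched, and a rule whose field has no mapping or whose condition names an unknown selection to `error` instead of silently failing.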
Ready to see it in action?
Bring your Sigma detection upstream and take control of your threat response. Book a demo to see how real-time rule evaluation helps teams detect faster, reduce downstream load, and act before threats escalate.