Detections
The Detections page lets you view and manage detection rules used by AlphaSOC to identify threats and anomalies in your environment. Here, you can explore AlphaSOC built-in detections and add your own custom Sigma rules to tailor detection coverage to your organization's specific needs.

At the top of the page, use search and filters to narrow down detections and rules by:
- Name
- Type (AlphaSOC or Sigma)
- Severity
- Status (enabled, disabled)
AlphaSOC Detections
AlphaSOC provides a wide variety of high-quality detections out of the box, designed to identify threats and anomalies across diverse environments. These detections are supported across many data origins, including cloud platforms (e.g., AWS, Azure, GCP), SaaS applications (e.g., Okta, GitHub), endpoints (e.g., CrowdStrike, SentinelOne), network sensors (e.g., Zeek, Suricata), and more. They leverage behavioral analysis, threat intelligence, and anomaly detection to surface both known and novel threats with minimal configuration. Click here to see the full list of available AlphaSOC detections.
To learn more about a specific AlphaSOC detection, just click the detection name in the list and the description will open on the right side of the page.

Sigma Rules
AlphaSOC natively supports Sigma Rules, enabling users to enhance detection capabilities with custom rules tailored to their environment. These rules can be added manually through the AlphaSOC web console or imported programmatically via our API, providing flexibility for seamless integration and automation.

Adding custom Sigma rules
To add a custom Sigma rule:
- Click New Sigma rule.

- Paste or write the Sigma rule.

- Click Save.
After saving, the custom rule appears in the Sigma Rules section. Unsaved rules appear as drafts until you save them.
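A rule pasted in the second step could look like the one below. It is an added example in the open Sigma format, not a rule from AlphaSOC or from this page. The rule id and the role name in the filter are constructed placeholders, and it assumes your CloudTrail events are matched by the aws / cloudtrail log source using native CloudTrail field names.

```yaml
# Added example (constructed); not an AlphaSOC built-in or vendor-supplied rule.
title: AWS CloudTrail Logging Stopped or Trail Deleted
# Placeholder UUID; generate a fresh one for every rule you create.
id: 00000000-0000-4000-8000-000000000001
status: experimental
description: >
  Detects API calls that stop CloudTrail logging or delete a trail,
  which removes audit visibility for the affected account.
tags:
  # MITRE ATT&CK: Impair Defenses - Disable or Modify Cloud Logs
  - attack.t1562.008
logsource:
  # Assumption: CloudTrail data is ingested and mapped to this log source.
  product: aws
  service: cloudtrail
detection:
  selection:
    eventSource: cloudtrail.amazonaws.com
    eventName:
      - StopLogging
      - DeleteTrail
  filter_approved_automation:
    # Hypothetical role name; replace it with the principal your
    # infrastructure pipeline actually assumes, or drop the filter.
    userIdentity.arn|contains: ':assumed-role/ExampleInfraPipelineRole/'
  condition: selection and not filter_approved_automation
falsepositives:
  - Planned trail migration or decommissioning by cloud administrators
level: high
```

Keep the exclusion filter as narrow as possible: every principal it names can stop logging without raising this detection.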
Managing Sigma rules
After you click a Sigma rule, the editor view and action menu open. From there you can change the status of the rule (enable or disable) by toggling the switch, save the edited rule, or delete it.
