Endpoint detection & response
Built on the open SigmaHQ detection standard — the same ruleset the industry's SOCs use — plus live threat intelligence and on-demand antivirus.
- 1,200+ detection rules across execution, persistence, defence evasion, and network behaviour.
- Real-time blocking on Linux, detection and response across Windows and macOS.
- Response with a human in the loop — isolate a device or kill a process behind an approval gate, every action in a tamper-evident log.
- Nightly CVE matching — installed software checked against the vulnerability database; stale patches page me, not you.