Threat Detection Marketplace is a centralized platform for discovering and deploying detection rules or running queries in your SIEM, EDR/XDR, or Data Lake environment. It serves as a comprehensive library where you can explore detections enriched with threat intelligence, metadata, human expertise, and AI-driven context, helping you understand threat behavior and map it to the MITRE ATT&CK framework.
It also enables discovery of Active Threats through real-time threat intelligence, providing quick access to relevant detections.
In addition, Threat Detection Marketplace offers platform-specific translations of detection logic, allowing you to apply content across different SIEM, EDR/XDR, or Data Lake environments. You can also customize detection content to match your specific security environment. This includes applying alternative translation configurations and adjusting tables, indexes, field names, and detection logic before deployment, so that rules and queries align with your data schema.
For direct deployment of Sigma rule translations, set up integration with a Data Plane – your SIEM, EDR/XDR, or Data Lake instance where your data lives.
You can use the following modules of the Threat Detection Marketplace:
Active Threats – Discover threats with real-time CTI and review detailed threat information.
Overview – Explore personalized content recommendations tailored to your needs, gain insights into your organization’s content usage trends over time, and compare them to your industry and country.
Search – Search and browse Sigma rules presented as listings with key details. Use Standard and Lucene search.
Hunt – Search for the latest threats in your SIEM and XDR by running a query with a single click.
Analytics – Access dashboards and leaderboards to analyze platform usage, monitor trends, and evaluate detection coverage.
