Soteria Rules
  • 03 Mar 2023


Soteria is a US-based MSSP that has been using LimaCharlie for a long time. They developed a corpus of hundreds of behavioral signatures for Windows / Mac / Linux (a signature here is not a hash but a rule that describes a malicious behavior). With one click, you can apply their rules in a managed way. When Soteria updates the rules for their customers, you receive those updates in real time as well.

Soteria rules come at a cost of $0.5 per endpoint per month once you are on a paid tier. Soteria rules (as well as all other add-ons) are free for up to two endpoints.

Data access

Please note that Soteria won’t get access to your data, and you won’t be able to see or edit their rules - LimaCharlie acts as a broker between the two parties.

The rules cover attacks on Windows, macOS and Linux. You can check the dynamic MITRE ATT&CK mapping here:

Enabling Soteria Rules

To enable the Soteria rules, navigate to the Add-ons section and search for Soteria using the search bar.


Under the Organization dropdown, select the tenant (organization) you want to subscribe to Soteria rules, then click Subscribe.


You can also manage add-ons from the Subscriptions menu under Billing.


Tenants that have been subscribed to the add-on are marked with a green check mark in the Organization dropdown.

Infrastructure as Code

Alternatively, to manage tenants and LimaCharlie functionality at scale, you can leverage our Infrastructure as Code functionality.

