Shieldlix Detection Engine
37,000+ detection rules across 60+ threat families. Threshold, correlation, and anomaly detection mapped to MITRE ATT&CK.
Architecture
Technology Stack
Core Features
Threshold Rules
Fire when event count exceeds a threshold within a time window for a specific entity.
Correlation Rules
Fire when an ordered sequence of event types occurs for the same entity within a window.
Anomaly Rules
Fire when event volume deviates from statistical baseline (mean + N*standard deviation).
MITRE ATT&CK Mapping
Every rule maps to MITRE tactics and techniques for coverage analysis.
Risk Scoring
Each rule generates risk scores (1-100). Incidents aggregate scores per entity.
Entity-Centric
Process events per entity (user, host, IP, device, service). Maintain per-entity baselines.
37,000+ Rules
Curated catalog across 60+ threat families. Template expansion generates rule variants.
Incident Grouping
Group alerts by tenant + entity + 24h bucket. Compute cumulative severity.
Detection Rule Types
Threshold
N events in T seconds
“20+ failed logins in 5min”
Score: 25Correlation
Event A then B then C
“Failed login then success”
Score: 35Anomaly
Count > mean + N*stddev
“Spike above 3-sigma baseline”
Score: 30Threat Families (20 of 60+)
Risk Severity Mapping
How Shieldlix Compares
Cost Comparison
Annual detection platform costs by fleet size. Shieldlix is always free.
Detect every threat
Free forever. No credit card. No usage limits.
Splunk ES requires premium licensing. Shieldlix is free.