Rule Engine


Real-time

Remote agents collect data from devices, existing log tools or various endpoints and send it to Avalanchio in real time.

Detection

Extract required features from the events and define rules using SQL and various other techniques to detect simple to advanced patterns.

Automated Actions

Send indicators to the alert center for further investigation, call webhooks, run playbooks or simply send alert notifications.


SQL or drag-and-drop no-code query builder

Express your business logic using standard ANSI SQL, which will run continuously. Refine results using several built-in layers of techniques such as anomaly detection and rarity analysis.

Low latency and high concurrency queries

Run thousands of queries per day, with query latency as low as a few milliseconds.

Trigger Action

Automate actions as soon as suspicious patterns are found in the events. Send alerts, run playbooks, invoke webhooks etc.

Backtesting & Feedback

Re-run a rule on historical events to test a hypothesis. Analysts' feedback is used to curb false alarms using a built-in ML model.

How it works

The rule engine analyzes data in real time, continuously builds data profiles, and triggers automated actions as soon as suspicious patterns are detected in the events.

Easy to configure rules

Use SQL statements to filter targeted events or prepare enriched datasets.

Define rules using the Sigma rule format, which makes it easy to integrate rules maintained by the open-source community.

Run the rules against the real-time data stream with response times as low as a few seconds.

The rule engine can execute thousands of rules against large data volumes with less hardware.

Rare event detection and prediction

Identify rare or unusual events or behaviors within a system or network.

E.g. a user suddenly accesses a sensitive file that they have never accessed before.

E.g. a particular type of network traffic occurs at an unexpected time or frequency.

Predict rare events ahead of time so that precautionary measures can be taken.
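The first example above, a user touching a sensitive file they have never accessed before, expressed as a plain SQL rule evaluated over an event history, as an added illustration that is not Avalanchio's own code. The event table, the sensitive-path list, the timestamps and the baseline window are all assumptions; the same function re-run with an earlier baseline is the backtesting case described above.

```python
import sqlite3

# Constructed sample file-access events (not real data): (ts, username, action, path).
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "read", "/finance/q1.xlsx"),
    ("2024-05-01T09:05:00", "alice", "read", "/finance/q1.xlsx"),
    ("2024-05-01T09:10:00", "bob",   "read", "/public/readme.txt"),
    ("2024-05-02T23:40:00", "bob",   "read", "/finance/payroll.csv"),
    ("2024-05-03T10:00:00", "alice", "read", "/finance/payroll.csv"),
    ("2024-05-03T10:30:00", "alice", "read", "/finance/q1.xlsx"),
]
SENSITIVE_PREFIXES = ["/finance/"]  # assumed list of sensitive path prefixes

# The rule itself is standard SQL: flag an access to a sensitive path when the same
# user has no earlier access to that path anywhere in the history. Events before
# :baseline_end only build the profile; they never raise an indicator themselves.
RULE_SQL = """
SELECT DISTINCT e.ts, e.username, e.path
FROM events e
JOIN sensitive s ON e.path LIKE s.prefix || '%'
WHERE e.ts >= :baseline_end
  AND NOT EXISTS (
        SELECT 1 FROM events p
        WHERE p.username = e.username AND p.path = e.path AND p.ts < e.ts)
ORDER BY e.ts
"""

def run_rule(events, sensitive_prefixes, baseline_end):
    """Load events into an in-memory table and evaluate RULE_SQL.

    Returns indicators as (ts, username, path) tuples ordered by time.
    ISO-8601 timestamps compare correctly as strings, so no parsing is needed.
    """
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE events (ts TEXT, username TEXT, action TEXT, path TEXT)")
    con.execute("CREATE TABLE sensitive (prefix TEXT)")
    con.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", events)
    con.executemany("INSERT INTO sensitive VALUES (?)", [(p,) for p in sensitive_prefixes])
    rows = con.execute(RULE_SQL, {"baseline_end": baseline_end}).fetchall()
    con.close()
    return rows

if __name__ == "__main__":
    # Live run: day 1 is the profile, later days are scored against it.
    for ts, user, path in run_rule(EVENTS, SENSITIVE_PREFIXES, "2024-05-02T00:00:00"):
        print(f"{ts} indicator: {user} first access to sensitive file {path}")
```

Alice's second read of q1.xlsx is not flagged because her profile already contains that path; only the two first-time accesses to payroll.csv become indicators.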


Rate Limiter

Prevent abuse and overuse, and ensure fair usage of resources, using the rate limiter.

Control the rate at which clients can make requests to certain resources.

Set limits on the number of requests within a specified timeframe.

Trigger controls to throttle the rate of requests or block them completely.

Anomaly Detection

Detect anomalies using built-in anomaly detection techniques.

Techniques such as isolation forest, one-class SVM, local outlier factor and histogram-based outlier detection (HBOS), to name a few.

No code is required

Most of the algorithms are unsupervised, so they start working as soon as you onboard data.


Indicator Classifier

The indicator classifier minimizes false-positive detections, also known as false alarms, using built-in machine learning models.

The models are periodically retrained on analysts' recent actions on indicators, so that similar work is reduced in future.

Allows your team to focus on truly important events by eliminating noise.

Automated Actions

Run remediation playbooks. Use hundreds of built-in playbooks or create your own easily using a Python script.

Run webhooks to call any third-party endpoint, for example, to trigger a workflow.

Send notifications via email.

Action

Real-time

Agents collect data from your local data center, existing log tools or REST endpoints.

Rules

Define rules using SQL. Run the rules in near real time to detect complex patterns.

Actions

Send event data to the alert center, call webhooks, run playbooks etc.