Advanced threat detection rules. Powered by Sysdig threat research.

Detection rules define the behaviors that indicate potential threats in cloud-native environments. Sysdig’s Threat Research Team (TRT) continuously curates and enhances these rules to protect against the latest cloud-native attacks. Get precision-tuned detections mapped to MITRE ATT&CK® and leading compliance frameworks.

Rule collections group related detection rules to help you quickly identify and mitigate specific types of cloud-native threats. Whether categorized by MITRE ATT&CK® tactic, compliance framework, or data source like AWS or Kubernetes, each collection delivers high-fidelity detections refined by Sysdig’s Threat Research Team to reduce noise and strengthen your security posture.