2025.11 Release

Features

• High-performance processing: Ingests tens of thousands of Windows Event Logs per second with minimal CPU usage.
• Low bandwidth footprint: Executes detection logic locally on each host, sending only matched detections over gRPC.
• Automatic audit policy management: Dynamically configures audit policies based on the rules you enable.
• Extensive ruleset: Ships with thousands of curated Sigma rules from the official Sigma repository.
• Customizable rules: Modify any rule at runtime to fit your environment and requirements.
• Flexible detection exclusions: Exclude detections using one or multiple event properties.
• Powerful integrations: Forward detections directly to ElasticSearch.
• MITRE ATT&CK visibility: Explore detection coverage by tactic, technique, or sub-technique.
• Effortless AD deployment: Install agents on domain controllers with a single click.
• Air-gapped ready: Fully operational without internet access.
• Zero external dependencies: Requires no DBMS or third-party components.
• Fast, simple installation: Get started in just a few clicks.

Support

• Compatible with Windows Server 2012R2/2016/2019/2022/2025 and Windows 8.1+ (x64)