SIGEA

Handles SSL termination and reverse proxying.

Powers the core REST API and HTMX dynamic frontend.

Embedded analytics database for high-performance rule caching.

Seamless integration with Keycloak for authentication and authorization.

Integration with the MITRE ATT&CK framework for threat intelligence mapping. Built into the core of TIDE for airgapped environments.

Integration with the OpenCTI platform for threat intelligence management. Pull threat intelligence data directly into TIDE for analysis and threat correlation.

Pull threat detection rules directly into TIDE from your SIEM for centralized monitoring and response.

Comprehensive workflow for validating detection rules, including manual analyst review. Includes promotion of rules based on **Quality** and **Metadata**.

Integration with the SIGMA framework for rule management and background synchronization state. Built into the core of TIDE for airgapped environments.

Converts SIGMA rules into a format compatible with your SIEM for seamless integration. Deploy from TIDE for instant coverage.

Comprehensive coverage metrics to identify gaps in your detection posture and prioritize rule development.

Log rule score directly back into your SIEM for centralized monitoring and analysis. Allows for real-time insights and auditing of detection rules.

The central rule cache and coverage metrics.

Manual analyst validation records.

Directory for background synchronization state.