Rule Engine


Events to Actions

The Avalanchio rule engine detects complex event patterns and takes automated actions.



Remote agents collect data from devices, existing log tools or various endpoints and send them to Avalanchio in real-time.


Extract the required features from the events and define rules using SQL and various other techniques to detect simple to advanced patterns.

Automated Actions

Send indicators to the alert center for further investigation, call webhooks, run playbooks or simply send alert notifications.


SQL or drag-and-drop no-code query builder

Express your business logic using standard ANSI SQL, which runs continuously. Refine results using several built-in layers of techniques such as anomaly detection and rarity analysis.

Low latency and high concurrency queries

Run thousands of queries per day, with query latency as low as a few milliseconds.

Trigger Action

Automate actions as soon as suspicious patterns are found in the events. Send alerts, run playbooks, invoke webhooks etc.

Backtesting & Feedback

Re-run a rule on historical events to test a hypothesis. Analysts' feedback is used to curb false alarms using a built-in ML model.

How it works

The rule engine analyzes data in real time, continuously builds data profiles and triggers automated actions as soon as suspicious patterns are detected in the events.


Easy to configure rules

Use SQL statements to filter targeted events or prepare enriched datasets.

Define rules in the Sigma rule format, which makes it easy to integrate rules maintained by the open-source community.

Run the rules against the real-time data stream with response times as low as a few seconds.

The rule engine can execute thousands of rules against large data volumes with less hardware.
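As an added illustration of the two rule styles mentioned above (not Avalanchio's own code), the block below translates a minimal Sigma-style detection (a constructed rule: reads of files under /etc/ by a process other than an allowed list) into a SQL WHERE clause and runs it over a few constructed events in SQLite. The supported modifier subset (`startswith`, `contains`, exact match, `and`/`or`/`not`) and the event schema are assumptions for the example.

```python
import re
import sqlite3

# Constructed Sigma-style rule (a dict standing in for the YAML document).
SIGMA_RULE = {
    "title": "Read of a file under /etc by an unexpected process",
    "detection": {
        "selection": {"path|startswith": "/etc/", "action": "read"},
        "filter": {"process": ["cat", "sshd"]},
        "condition": "selection and not filter",
    },
}

# Constructed event rows in the shape the SQL rule expects.
EVENTS = [
    (1, "/etc/shadow", "read", "python3"),
    (2, "/etc/passwd", "read", "sshd"),
    (3, "/home/bob/notes.txt", "read", "python3"),
    (4, "/etc/hosts", "write", "vim"),
]

def field_to_sql(key, value):
    """Translate one 'field|modifier: value(s)' pair into a SQL predicate."""
    field, _, modifier = key.partition("|")
    values = value if isinstance(value, list) else [value]
    quoted = [str(v).replace("'", "''") for v in values]  # escape single quotes
    if modifier == "":
        parts = [f"{field} = '{v}'" for v in quoted]
    elif modifier == "startswith":
        parts = [f"{field} LIKE '{v}%'" for v in quoted]
    elif modifier == "contains":
        parts = [f"{field} LIKE '%{v}%'" for v in quoted]
    else:
        raise ValueError(f"unsupported Sigma modifier: {modifier}")
    return "(" + " OR ".join(parts) + ")"  # a list of values means any-of

def sigma_to_where(detection):
    """Expand the named blocks in the condition into a SQL WHERE clause."""
    where = detection["condition"]
    for name, block in detection.items():
        if name == "condition":
            continue
        sql = "(" + " AND ".join(field_to_sql(k, v) for k, v in block.items()) + ")"
        where = re.sub(rf"\b{name}\b", lambda _m, s=sql: s, where)
    return where.replace(" and ", " AND ").replace(" or ", " OR ").replace(" not ", " NOT ")

def match_events(rule, events):
    """Run the translated rule over the events; return the matching event ids."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE events (id INTEGER, path TEXT, action TEXT, process TEXT)")
    con.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", events)
    query = f"SELECT id FROM events WHERE {sigma_to_where(rule['detection'])} ORDER BY id"
    return [row[0] for row in con.execute(query)]
```

Only event 1 matches: event 2 is removed by the filter block, and events 3 and 4 fail the selection on path and action respectively.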

Rare event detection and prediction

Identify rare or unusual events or behaviors within a system or network.

E.g. a user suddenly accesses a sensitive file that they have never accessed before.

E.g. a particular type of network traffic occurs at an unexpected time or frequency.

Predict rare events ahead of time so that precautionary measures can be taken.


Rate Limiter

Prevent abuse and overuse and ensure fair usage of resources using the rate limiter.

Control the rate at which clients can make requests to certain resources.

Set limits on the number of requests within a specified timeframe.

Trigger controls to throttle the rate of requests or block requests completely.

Anomaly Detection

Detects anomalies using built-in anomaly detection techniques.

Techniques include isolation forest, one-class SVM, local outlier factor and Histogram-based Outlier Detection (HBOS), to name a few.

No code is required

The majority of the algorithms are unsupervised, so they start working as soon as you on-board data.


Indicator Classifier

The indicator classifier minimizes false positive detections, also known as false alarms, using built-in machine learning models.

The models are periodically retrained to learn from the analysts' recent actions on the indicators, reducing similar work in future.

Allows your team to focus on truly important events by eliminating noise.

Automated Actions

Run remediation playbooks. Use hundreds of built-in playbooks or create your own easily using a Python script.

Run webhooks to call any third-party endpoint, for example, to trigger a workflow.

Send notifications via email.



Agents collect data from your local data center, existing log tools or REST endpoints.


Define rules using SQL. Run the rules in near real time to detect complex patterns.


Send event data to the alert center, call webhooks, run playbooks etc.