Use cases

BluSapphire’s Machine Learning models rely on a combination of Supervised Learning models, Unsupervised Learning Models coupled with Predictive Data Analytics. Unsupervised Learning models need time to learn the environment and are prone to a lot of false +ves. But at the same time Unsupervised Learning models are good at detecting the “unknown unknowns”. BluSapphire reduces the Time-To-Value by using a combination Behavior Analytics with Unsupervised models like Isolation Forests etc., thereby improving accuracy.

Using Data Analytics, MITRE ATT&CK matrix models and Supervised Learning models, BluSapphire can provide value from Day one.

File-less malwares

File-less malware are more destructive and sophisticated malwares riding on legitimate programs running on endpoints. These types of malwares do not have footprint. By nature, these types of malwares are challenging to handle.

Lateral movements

BluSapphire relies on NetFlow Data to detect lateral movement. BluSapphire can also ingest Process Execution information, Browser activity, User activity and security logs from endpoints using our micro-agent to detect, disrupt and contain lateral movements of threat actors.

Zero days & Ransomware

BluSapphire does not rely on signature information. Relying on detecting TTPs of the attacker, using a Behavior based multi-vector Threat Detection models , BluSapphire can detect Zero-days, Ransomware, “known-unknowns” within milliseconds and also proactively protect against these threats in real-time.

Malicious Tunnels

BluSapphire’s can detect malicious usage of protocols for Tunneling like DNS, SSH, HTTP etc., using signal intelligence techniques. One of the unique features of BluSapphire is that we do not rely on any SSL gateway(s) to detect this. No traffic decryption needed.

If the customer already has an method to provide decrypted data, then we can consume it using ICAP.


BluSapphire will map all malicious activities against MITRE ATT&CK matrix that enables analysts to understand the threat, action, cause, impact and resolution very quickly.

Threat Intelligence

BluSapphire consolidates threat intelligence from the sources mentioned in Appendix B, de-duplicates and disseminates the Threat Intel to all its customers on customizable schedule. The default schedule is every hour.

BluSapphire also supports collecting Threat Intelligence from any Third-Party sources that support STIX, TAXII or CSV. BluSapphire also supports MISP.

Adaptive Threat Hunting

BluSapphire supports agentless Threat Hunting across the enterprise. Analysts can look for specific artifacts provided in industry standard JSON format (or via UI). Analysts can also perform assumption based threat hunts that rely on statistical anomalies to detect suspicious activity.

SIEM / Log mgmt./ Data Lake Replacement

BluSapphire’s Open Data Platform can easily replace traditional SIEMs, Log management tools and offer a Big Data based Data Lake with capabilities that also offer traditional SIEM rules. BluSapphire an also easily ingest SIGMA rules inline and match any compliance requirements with ease.

Live Case Studies and Use Cases are available at

Last updated