SaerosSecurity 20 hours ago

Saeros is an HIDS that scans Windows event logs in real-time. The purpose is to detect suspicious activities including password-guessing attempts, data exfiltration, ... As of today it relies on 2000+ Sigma rules and uses ETW for event subscription. It is relatively comparable to Chainsaw, SilkETW and Hayabusa.