Managed Security · 24×7
Your SOC. Our floor. No 3 a.m. surprises.
Continuous detection and response on Wazuh-based SIEM, run by analysts who escalate with context — under SLAs we publish, not promise.
SOC floor · Live feed● MONITORING
Impossible travel — admin login DEL→SG in 4 min · isolated, escalated L200:42
Ransomware IoC matched on endpoint FIN-114 · quarantined01:15
Brute force on VPN gateway · source ASN blocked at edge02:03
New admin account created outside change window · ticket opened02:47
Illustrative sample events
Service levels
SLAs in writing, reported monthly.
SeverityTriage & notifyResponse action
critical≤ 15 minutesContainment initiated ≤ 60 min
high≤ 30 minutesResponse plan ≤ 4 hours
medium≤ 2 hoursSame business day
low≤ 8 hoursWeekly review cycle
Detection lifecycle
From signal to closure.
01
Collect
Endpoints, cloud, network and identity telemetry into SIEM.
02
Detect
Correlation rules + threat intel + anomaly baselines.
03
Triage
Human analysts kill false positives before they reach you.
04
Respond
Contain, escalate with context, run the IR playbook.
05
Report
Monthly SLA + posture reports, straight to GovernanceOps.
Customer portal
Portal previewYour incidents, SLAs and reports — visible anytime.
The same portal that will carry projects, tickets and compliance status as the ecosystem grows.
Common questions
Before you ask.
Either. Most clients run a hybrid: our floor covers 24×7 monitoring and first response; your team owns environment-specific escalation. The authority matrix is agreed at onboarding.
