Settings
Admin
Connectors, LLM gateway, roles, residency, and detection-tuning feedback. Vendor-neutral by construction — every integration is an adapter.
Connectors
- healthy · Microsoft Sentinel · SIEM · 4,812,000 events/24h
- healthy · CrowdStrike Falcon · EDR · 902,400 events/24h
- healthy · Okta · IdP · 188,220 events/24h
- degraded · AWS GuardDuty · Cloud · 12,100 events/24h
- healthy · VirusTotal · TIP · 8,421 events/24h
- healthy · GreyNoise · TIP · 1,204 events/24h
- healthy · Tines · SOAR · 312 events/24h
- healthy · Jira · Ticketing · 96 events/24h
LLM gateway
- Anthropic Claude 4.5 Sonnet · Primary reasoning · $642 / $1200
- OpenAI gpt-5.2 · Fallback reasoning · $88 / $400
- Self-hosted Llama 3.3 70B (vLLM) · PII-masked enrichment · $0 / self-hosted
- PII mask: on
- Output validator: on
- Train on data: off
Roles & access
- 2 SOC Manager: full access · auto-containment override
- 9 Tier-2 Analyst: investigate · approve containment
- 18 Tier-1 Analyst: triage · escalate
- 9 Auditor (read-only): read incidents + audit log
Governance
- AI management standard: ISO/IEC 42001:2023 (aligned)
- Audit log retention: 365 days · immutable
- Data residency: EU-Central (Frankfurt) · pinned
- Self-hosted model option: Llama 3.3 70B via vLLM
- Tenancy: Single-tenant (this workspace)
- Training on customer data: Disabled
Detection tuning · feedback queue
| Rule | Issue | Suggested fix | FP impact | Status |
|---|---|---|---|---|
| EDR-PS-ENCODED-CMD-01 | Triggers on legitimate IT scripts | Allowlist signed scripts from \\sccm\scripts | −312/wk | review |
| IDP-OAUTH-UNVERIFIED-01 | Pre-approved apps still flagged | Sync allowlist from Entra workspace approvals | −118/wk | queued |
| LIN-SSHKEY-PERSIST-01 | Misses key rotation under change-mgmt window | Suppress when matching ITSM change ticket | −44/wk | review |