Settings

Admin

Connectors, LLM gateway, roles, residency, and detection-tuning feedback. Vendor-neutral by construction — every integration is an adapter.

Connectors

OCSF normalization · 8 active
  • Microsoft Sentinel
    SIEM · 4,812,000 events/24h
    healthy
  • CrowdStrike Falcon
    EDR · 902,400 events/24h
    healthy
  • Okta
    IdP · 188,220 events/24h
    healthy
  • AWS GuardDuty
    Cloud · 12,100 events/24h
    degraded
  • VirusTotal
    TIP · 8,421 events/24h
    healthy
  • GreyNoise
    TIP · 1,204 events/24h
    healthy
  • Tines
    SOAR · 312 events/24h
    healthy
  • Jira
    Ticketing · 96 events/24h
    healthy

LLM gateway

LiteLLM · 3 providers · single-tenant inference
  • Anthropic Claude 4.5 Sonnet
    Primary reasoning
    $642 / $1200
  • OpenAI gpt-5.2
    Fallback reasoning
    $88 / $400
  • Self-hosted Llama 3.3 70B (vLLM)
    PII-masked enrichment
    $0 / self-hosted
PII mask: on
Output validator: on
Train on data: off

Roles & access

RBAC · 4 roles · 38 members
  • SOC Manager
    full access · auto-containment override
    2
  • Tier-2 Analyst
    investigate · approve containment
    9
  • Tier-1 Analyst
    triage · escalate
    18
  • Auditor (read-only)
    read incidents + audit log
    9

Governance

ISO 42001 · audit log · residency
AI management standard: ISO/IEC 42001:2023 (aligned)
Audit log retention: 365 days · immutable
Data residency: EU-Central (Frankfurt) · pinned
Self-hosted model option: Llama 3.3 70B via vLLM
Tenancy: Single-tenant (this workspace)
Training on customer data: Disabled

Detection tuning · feedback queue

Analyst-flagged tuning suggestions awaiting detection-eng review
  • EDR-PS-ENCODED-CMD-01
    Issue: Triggers on legitimate IT scripts
    Suggested fix: Allowlist signed scripts from \\sccm\scripts
    FP impact: −312/wk
    Status: review
  • IDP-OAUTH-UNVERIFIED-01
    Issue: Pre-approved apps still flagged
    Suggested fix: Sync allowlist from Entra workspace approvals
    FP impact: −118/wk
    Status: queued
  • LIN-SSHKEY-PERSIST-01
    Issue: Misses key rotation under change-mgmt window
    Suggested fix: Suppress when matching ITSM change ticket
    FP impact: −44/wk
    Status: review