An AI-augmented security operations platform that sits on top of your existing Wazuh deployment. Every alert gets AI reasoning. Every cycle makes the next one smarter.
Everything a security operations team needs, built on Wazuh and powered by Claude AI. Self-hosted on your infrastructure. No vendor lock-in.
Claude AI analyzes every alert with full context — asset criticality, user risk, threat intel, behavioral baselines, and playbook guidance. Returns structured verdicts with confidence scores, MITRE mapping, and recommended actions.
Auto-close FPs at 92%+ confidence
The feedback engine tracks which rules produce false positives, where humans override the AI, and what patterns recur. It then proposes Wazuh rule XML modifications — reviewed and deployed through the dashboard.
Self-improving detection rules
Ask questions in plain English: “Show me all machines that talked to 10.0.0.50 in the last 24 hours.” The query agent translates to OpenSearch queries, runs them, and synthesizes a human-readable answer.
Two-pass Claude: plan → synthesize
Every 6 hours, the hunt agent generates hypotheses based on MITRE ATT&CK coverage gaps, builds OpenSearch queries, runs them, and surfaces findings for analyst review. Continuous, not quarterly.
Hypothesis-driven · every 6 hours
Alerts are automatically grouped into incidents using 4-rule priority logic (IP+rule, user+tactic, host, fallback). Full timeline, MITRE badges, assignment, notes, merge, and Slack/email notifications.
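To make the incident grouping concrete, here is an added illustration (not the platform's own code) of how a 4-rule priority key (IP+rule, then user+tactic, then host, then fallback) combined with a 30-minute window turns a stream of alerts into deterministic incidents. The exact field names, rule ids and the "first matching rule wins" semantics are assumptions; the sample alerts are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

WINDOW = timedelta(minutes=30)  # a gap longer than this starts a new incident

@dataclass
class Alert:
    ts: datetime
    rule_id: str
    src_ip: Optional[str] = None
    user: Optional[str] = None
    tactic: Optional[str] = None  # MITRE ATT&CK tactic id, e.g. TA0004
    host: Optional[str] = None

def grouping_key(a: Alert) -> tuple:
    # First matching rule wins, in the priority order the page lists (semantics assumed).
    if a.src_ip and a.rule_id:
        return ("ip_rule", a.src_ip, a.rule_id)
    if a.user and a.tactic:
        return ("user_tactic", a.user, a.tactic)
    if a.host:
        return ("host", a.host)
    return ("fallback", a.rule_id)

def group_alerts(alerts: list) -> list:
    # Returns (key, [alerts]) in creation order; sorting by time first makes the output deterministic.
    incidents: list = []
    open_by_key: dict = {}  # key -> most recent incident with that key
    for a in sorted(alerts, key=lambda x: x.ts):
        key = grouping_key(a)
        inc = open_by_key.get(key)
        if inc is not None and a.ts - inc[1][-1].ts <= WINDOW:
            inc[1].append(a)  # within the window: extend the open incident
        else:
            inc = (key, [a])  # window expired or new key: open a new one
            incidents.append(inc)
            open_by_key[key] = inc
    return incidents

T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE_ALERTS = [  # constructed sample alerts, not real telemetry
    Alert(T0, "5710", src_ip="10.0.0.50", host="web-01"),
    Alert(T0 + timedelta(minutes=5), "5710", src_ip="10.0.0.50", host="web-01"),
    Alert(T0 + timedelta(minutes=50), "5710", src_ip="10.0.0.50", host="web-01"),
    Alert(T0 + timedelta(minutes=2), "5501", user="alice", tactic="TA0004", host="db-01"),
    Alert(T0 + timedelta(minutes=9), "5402", user="alice", tactic="TA0004", host="db-02"),
    Alert(T0 + timedelta(minutes=3), "31101", host="web-02"),
    Alert(T0 + timedelta(minutes=4), "1002"),
]
```

Running `group_alerts(SAMPLE_ALERTS)` yields five incidents: the third alert from 10.0.0.50 arrives 45 minutes after the previous one, so it opens a new incident instead of extending the first.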
Deterministic grouping · 30min window
9 response actions (block IP, isolate host, kill process, quarantine file, and more) with verification. Plus integrated vulnerability management — find CVEs, generate fix commands, execute remotely, verify the update landed.
9 actions · CVE remediate & verify
30-day baselines per agent, IP, and user. Z-score anomaly detection flags unusual activity on every alert. Anomaly indicators show up in the triage UI and feed directly into the AI's reasoning.
Z-score · 2.5σ threshold
Overview, Triage, Incidents, Detection, Hunt, Closed Loop, Investigate, Respond, Admin. Charts, filters, expandable details, role-based access. Everything in one embedded UI — no separate frontend to deploy.
FastAPI + embedded React
4-role RBAC, JWT auth with PBKDF2 hashing (260k iterations), per-endpoint rate limiting, prompt injection defense, XML validation, audit logging, and security headers. Built for real deployments.
OWASP 2023 compliant
Deploy it yourself. Docker Compose on any Linux box. Up to 30 agents, 1 user, 50 AI triages/day. Request access and we send you the package.
Request Community Access →
We deploy it for you. We configure the platform on your infrastructure, tune it for your environment, and hand you a production-ready setup. Book a call to get started.
Book a Call →
Manual triage, static rules. Analysts burned out. 400k alerts/day. Rules never tuned. Threats missed in noise.
Doesn't scale
AI triage + self-tuning rules. Auto-close FPs with 92%+ confidence. Detection rules improve themselves via feedback loop.
Compounds daily
We license the AI layer for MSSPs and cybersecurity firms. White-label it under your brand. Deploy on your clients' infrastructure. Talk to us about partnership.
Book a Partnership Call →
Join our Pre-Access Program. Get early access to the platform, direct support from our team, and help shape the product roadmap.
Join Pre-Access Program →