Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
Security Operations Center

Security Operations Center (SOC)

Threat detection, investigation and response : powered by AI and MITRE ATT&CK.

18
Modules
5
Supported SIEMs
5
EDR/XDR
9/9
MITRE Tactics
Zaxyr SOC Dashboard : MITRE ATT&CK coverage and real-time alerts

SOC Dashboard

Real-time centralized view of your security posture with full MITRE ATT&CK coverage.

SOC Dashboard

  • Real-time alert and threat overview
  • MITRE ATT&CK coverage (9 tactics)
  • Alert distribution by source (Wazuh, Suricata, EDR, PAN-OS)
  • KPIs: new alerts, critical alerts, active incidents, systems online
  • Activity heatmap by hour and day
  • MTTR, MTTD and false positive rate indicators

Alert Management

Intelligent alert triage with multi-criteria filtering and automatic MITRE ATT&CK mapping.

Alert Management

  • Filter by severity (Critical, High, Medium, Low)
  • View by SIEM source (Wazuh, Elastic, Splunk, QRadar, Sentinel)
  • Manual and automatic analyst assignment
  • L1 + L2 automation (rule-based automatic triage)
  • MITRE ATT&CK mapping per alert (tactic + technique)
  • Automatic enrichment of associated IOCs
Zaxyr SOC alert management with MITRE ATT&CK mapping
Platform preview

Incident Management

Complete incident lifecycle with automatic escalation and alert-asset linkage.

Incident Management

1
Detection
Initial incident identification
2
Investigation
Deep analysis and evidence collection
3
Containment
Isolation and impact limitation
4
Eradication
Threat removal
5
Recovery
Service restoration
6
Closure
Documentation and lessons learned
  • Incident timeline with contextual enrichment
  • Automatic TIER1 → TIER2 → TIER3 escalation
  • Alert-incident-asset linkage
  • Impact calculation and severity scoring

Investigation Cases

Group alerts, IOCs and timelines into structured investigation cases.

Investigation Cases

  • Group alerts, IOCs and timelines per case
  • Assignment by tier and analyst
  • Linkage with incidents and threat intelligence
  • Progress tracking and status (Open, In Progress, Closed)
  • Action history and analyst notes

Threat Intelligence

Multi-source IOC management with automatic correlation to active incidents.

Threat Intelligence

  • IOC management (IP, Domain, URL, MD5, SHA256)
  • Sources: AlienVault OTX, MISP, VirusTotal, MalwareBazaar
  • Confidence levels (High, Medium, Low)
  • Correlation with active incidents
  • STIX 2.1 and OpenIOC import/export
  • Feed management and automatic enrichment

Response Playbooks

Pre-configured playbooks for the most common attack scenarios, with per-tier steps.

Response Playbooks

Brute Force Response

TIER1 + TIER2

Detection, IP blocking, compromised account analysis

Data Exfiltration

TIER2 + TIER3

Network isolation, flow analysis, DPO notification (GDPR)

Phishing Response

TIER1 + TIER2

Email quarantine, URL/attachment analysis, credential reset

Malware Containment

TIER1 + TIER2

Endpoint isolation, network scan, eradication and remédiation

Each playbook is GDPR-compliant with built-in DPO notification for data breach scenarios.

Threat Hunting

Proactive threat search with Sigma Rules, Hypothesis Builder and ad-hoc queries.

Threat Hunting

  • Sigma Rules Library (SIEM-compatible import/export)
  • Hypothesis Builder (guided by MITRE ATT&CK)
  • Query Runner (real-time ad-hoc log queries)
  • Detection engineering workflow
  • Hunt history and results tracking
ML

UEBA (User & Entity Behavior Analytics)

Machine learning behavioral anomaly detection with 30-day baseline.

UEBA (User & Entity Behavior Analytics)

  • ML Model: Isolation Forest
  • 30-day behavioral baseline

Anomaly Types

  • Unusual Login (geolocation, device, time)
  • Impossible Travel (geographically impossible connections)
  • Data Exfiltration (abnormal transfer volumes)
  • Off-Hours Activity (activity outside normal hours)
  • Privilege Escalation (suspicious privilege elevation)

ASM (Attack Surface Management)

Continuous discovery and monitoring of your external attack surface.

ASM (Attack Surface Management)

  • Subdomain Enumeration (automatic subdomain discovery)
  • Port & Service Scan (exposed service detection)
  • Full Discovery (domains, IPs, SSL certificates, technologies)
  • Continuous monitoring with change alerts
  • Integration with vulnerability registry

Forensics & Digital Investigation

4 investigation modules with chain of custody and evidence collection.

Forensics & Digital Investigation

Incident Response

Structured security incident response

Malware Analysis

Static and dynamic malware analysis

Data Breach

Data breach investigation

Insider Threat

Internal threat detection

  • Complete and auditable chain of custody
  • Evidence collection with timestamping and integrity hash
  • Forensic timeline with artifacts
  • Exportable investigation reports

SOAR (Security Orchestration, Automation & Response)

6 automated actions with visual playbooks and multi-platform integration.

SOAR (Security Orchestration, Automation & Response)

Block IP

Automatic firewall blocking (PAN-OS, pfSense)

Isolate Host

Endpoint isolation via EDR (CrowdStrike, Defender)

Disable User

Automatic AD/IAM account deactivation

Enrich IOC

Automatic enrichment via TI feeds

HTTP Request

Webhook to third-party tools and external APIs

Notify

Team notification (email, Slack, Teams, Telegram)

Firewall / SIEMEDR / XDRAD / IAMThreat Intelligence
Zaxyr SOAR automation and orchestration interface
Platform preview
AI

SOC AI (Zaxyr AI)

6 AI analysis modules to accelerate triage, investigation and response.

SOC AI (Zaxyr AI)

Alert AnalysisFile AnalysisLog AnalysisIOC ExtractionNetwork AnalysisMalware Analysis

AI Capabilities

  • Automatic MITRE ATT&CK Mapping
  • IOC Extraction from logs and alerts
  • Alert Summarization (executive summary)
  • False Positive Reduction
  • Threat Actor Attribution
  • Recommended Actions (guided response)
Zaxyr AI-powered SOC analysis modules
Platform preview

Integrations

10 native integrations with market-leading SIEMs and EDR/XDR solutions.

Integrations

SIEM

ElasticSplunkIBM QRadarMicrosoft SentinelWazuh

EDR / XDR

CrowdStrike FalconMicrosoft DefenderSentinelOneCarbon BlackCortex XDR

Shift Management & Handover

24/7 rotation planning with documented handovers and full history.

Shift Management & Handover

  • 24/7 rotation planning (3x8, 2x12, custom)
  • Documented handovers between shifts
  • Transfer history and ongoing actions
  • Automatic notification of incoming analysts
  • Cross-team task handoff tracking

SOC Reports

Operational KPIs, source distribution and automated templates.

SOC Reports

  • KPIs: total alerts, resolved, false positives, MTTR
  • Distribution by SIEM source and MITRE tactic
  • Automated templates (daily, weekly, monthly)
  • Export PDF, DOCX, XLSX
  • Differentiated executive and technical reports
  • Historical trends and period comparison

Request a SOC Demo