Back to home
01 · SIEM
Security events, unified
siem · live event streamcollecting
TimeStatusSourceEvent
10:47:02OK10.0.4.21auth.success user=jpritchard
10:47:04OK10.0.1.08dns.query host=updates.azure.com
10:47:06OK10.0.4.18http.get /api/v1/health 200
10:47:09BLOCK194.32.8.42sql.injection_attempt /search?q=' OR 1=1
10:47:11OK10.0.2.55file.access \\fs01\finance\reports.xlsx
10:47:14WARN10.0.3.71port.scan_slow 22,80,443,3389
10:47:19OK10.0.4.21tls.handshake cipher=TLS_AES_256_GCM
10:47:22WARN10.0.3.71process.unusual powershell.exe -enc <b64>
10:47:25OK10.0.5.11vpn.connect user=mhassan from=GB
10:47:28BLOCK92.119.160.118rdp.bruteforce 12 attempts in 60s
10:47:31OK10.0.4.18patch.apply KB5034441 success
$
SecureCore collects every log, every signal, and every anomaly from across your estate, endpoints, firewalls, servers, cloud workloads, and identity providers, into a single correlated view. Triage happens automatically, on-device, with no cloud round-trip.
Built on Wazuh under the hood and tuned for UK SMB and mid-market estates, the SIEM ships with hundreds of pre-built detection rules covering MITRE ATT&CK, CIS benchmarks, and the threats UK businesses actually face, phishing, credential theft, lateral movement, and ransomware staging.
- Universal log ingestion, Syslog, CEF, Windows Event Log, JSON, and REST
- Real-time correlation across identity, network, and endpoint signals
- Automated triage with severity scoring and de-duplication
- Searchable retention, 90 days hot, with long-term cold archive options
- One-click Cyber Essentials evidence packs, with ISO 27001 control mapping
All collected, correlated, and triaged on your appliance · No data leaves your network
