Skip to content
Back to home
01 · SIEM

Security events, unified

siem · live event streamcollecting
TimeStatusEvent
10:47:02OKauth.success user=jpritchard
10:47:04OKdns.query host=updates.azure.com
10:47:06OKhttp.get /api/v1/health 200
10:47:09BLOCKsql.injection_attempt /search?q=' OR 1=1
10:47:11OKfile.access \\fs01\finance\reports.xlsx
10:47:14WARNport.scan_slow 22,80,443,3389
10:47:17OKsmtp.relay [email protected]
10:47:19OKtls.handshake cipher=TLS_AES_256_GCM
10:47:22WARNprocess.unusual powershell.exe -enc <b64>
10:47:25OKvpn.connect user=mhassan from=GB
10:47:28BLOCKrdp.bruteforce 12 attempts in 60s
10:47:31OKpatch.apply KB5034441 success
$

SecureCore collects every log, every signal, and every anomaly from across your estate, endpoints, firewalls, servers, cloud workloads, and identity providers, into a single correlated view. Triage happens automatically, on-device, with no cloud round-trip.

Built on Wazuh under the hood and tuned for UK SMB and mid-market estates, the SIEM ships with hundreds of pre-built detection rules covering MITRE ATT&CK, CIS benchmarks, and the threats UK businesses actually face, phishing, credential theft, lateral movement, and ransomware staging.

  • Universal log ingestion, Syslog, CEF, Windows Event Log, JSON, and REST
  • Real-time correlation across identity, network, and endpoint signals
  • Automated triage with severity scoring and de-duplication
  • Searchable retention, 90 days hot, with long-term cold archive options
  • One-click Cyber Essentials evidence packs, with ISO 27001 control mapping

All collected, correlated, and triaged on your appliance · No data leaves your network