AI module reading millions of log lines from applications, systems, network and cloud, detecting behavioural anomalies, correlating multi-source alerts, and classifying incidents by severity. Daily summary reports for the CISO, real-time alerts on critical incidents. Coupled with our managed SOC for 24/7 incident handling. Compliant with NIS 2 (ILR 24h notification) and DORA (ICT operational resilience) requirements.
Log collection from Windows Event Log, Linux syslog, Microsoft 365 audit log, Google Workspace, AWS CloudTrail, Azure Monitor, GCP Audit, firewalls (Fortinet, Palo Alto), EDR (CrowdStrike, SentinelOne, Defender), Kubernetes audit. Native connectors >40 sources. OCSF-normalised format.
AI builds a behavioural baseline per user and entity (workstations, servers, apps), then alerts on statistically significant deviations: unusual logins, off-hours access, abnormal download volume, lateral movements. Separates noise from signal.
A real attack leaves traces scattered: Active Directory + EDR + network + cloud. AI correlates these individually-insignificant events to reconstruct the full attack chain (MITRE ATT&CK). 10x reduction in investigation time.
Each detected incident is automatically classified by severity (critical, high, medium, low), MITRE tactic (initial access, persistence, exfiltration, etc.) and regulatory obligation (CNPD / ILR / CSSF notification required yes/no). Accelerated SOC triage.
Specific signals: mass encryption, shadow copy deletion, Defender disablement, PsExec/WMI deployment. Alert before full encryption. Coupled with an EDR, enables host isolation within 30 seconds.
Daily mail to CISO: 3 priority incidents from yesterday, key indicators (MTTD, MTTR, false positives), monthly trends. No more logs to read, just the essentials. Monthly executive report for the board with cyber risk evolution.
Auto-generation of ILR alert form within 24h for NIS 2 (Article 23) and CSSF form for DORA. Pre-filled with detected incident details. CISO validates and sends. Dossier retained for later audit.
Conversational interface: the CISO asks in natural language "have you seen connections from Iran this week" or "show me admin accounts active on weekends", AI translates to a log query and returns structured results.
Support PSFs and retail banks: regulatory CSSF + DORA monitoring, CSSF alert on incident.
Hospitals and health/social structures (NIS 2 essential entities healthcare sector): detection of intrusions targeting patient data, ILR alert within 24h.
Municipalities and public administrations (NIS 2 essential entities public sector): ransomware detection, defacement, citizen data leak.
Industrial SMEs and critical B2B suppliers (NIS 2 important entities): cyber monitoring without recruiting an internal SOC.
Law firms, trustees, family offices: protection of sensitive client data, ISO 27001 compliance.
Ingestion: lightweight agents (Wazuh, Vector, Beats) or native syslog/API. Kafka streaming pipeline + ClickHouse for hot storage, S3 (AES-256 encrypted, OVH or Scaleway EU) for cold. AI models: anomaly detection (Isolation Forest, autoencoders), classification (BERT fine-tuned on real incidents), NLP for threat hunting (Mistral on-premise or GPT-4 per policy).
Visibility: custom Grafana dashboard + conversational web interface. Notifications: email, Slack, Teams, SMS for critical alerts. Coupled with our Luxgap managed SOC 24/7 for handling.
Hosting: Luxembourg (Tier IV LU-CIX) + DRP in Strasbourg (OVH SBG5). RTO 4h, RPO 15 minutes.
POC with no long-term commitment. Tailored quote within one business day.
Build my quote →
