A modern, sovereign SIEM mapped to MITRE ATT&CK
Universal ingestion, 1000+ Sigma rules, UEBA, threat intel, SOAR, SecuAI copilot. Hosted at OVH Beauharnois.
Universal ingestion
Syslog RFC 3164/5424, Windows Event (WEF/WEC), AWS CloudTrail, O365 Audit, K8s audit, custom JSON via collector.
1000+ Sigma rules
Maintained library, mapped to MITRE ATT&CK. Managed updates, with the ability to add custom YAML rules.
UEBA
User and Entity Behavior Analytics: per-user/host baseline, temporal and geographic anomaly detection.
Threat intelligence
AlienVault OTX, MISP, abuse.ch feeds, real-time IOC integration: IPs, domains, hashes, TTPs.
Integrated SOAR
Automated response playbooks: host isolation, IP blocking, ITSM ticket opening, on-call notification.
SecuAI copilot
French-language incident summaries, remediation suggestions, playbook generation. Sovereign model on OVH.
MSP multi-tenant
Partner console, per-tenant isolation, white-label branding, distributor billing with discount.
SecuMon integration
Native pipeline: SecuMon metric anomalies published as security events. Native logs + metrics correlation.
Pre-built dashboards
MITRE ATT&CK heatmap, top threats, top users, geo activity, Loi 25/PIPEDA compliance, customizable.
Multi-region Canada
Distributed ingestion Beauharnois + Toronto. Regional failover, RPO < 5 min, RTO < 1h.
Quebec residency
Ingestion, hot/cold storage, indexing, search and analysis are 100% at OVH Beauharnois. Outside the reach of the CLOUD Act, Patriot Act and FISA.
Multichannel alerting
Email, SMS, Slack, Teams, Telegram, PagerDuty, Opsgenie, signed webhook. Escalation policies, on-call rotations.