IT operations, log management & KVKK compliance —
in one pane of glass.
A breach that starts at 03:07 ends in 4 seconds.
Scroll down. See how a classic lateral attempt plays out without — and with — ShamashAi.
Reconnaissance begins
Hourly port scan from a Chinese IP. 142 failed attempts on RDP 3389 and VPN 4433. Visible in the traditional firewall log — but nobody reads it.
Breach
Another attacker from the same IP succeeds with reused credentials. SSL-VPN opens, looks "normal". Vendor dashboard shows a green tick.
ShamashAi catches it
5-minute correlation window: brute-force series + threat-intel match + behavioral anomaly. Risk score 87/100. Composite rule "lateral-attempt" fires.
SOAR isolates
IP is added to the Fortigate addrgrp, user session is killed. 4-second containment. Email + ticket + full audit trail ready for the team in the morning.
Internet-wide intrusion attempts, stopped at one perimeter.
Tor exit nodes, FireHOL Level 1, Spamhaus DROP — three open feeds refreshed hourly. Every inbound src_ip is matched instantly; the correlation engine also detects brute-force and password spray within a 5-minute sliding window. With SOAR enabled, Fortigate auto-blocks the IP.
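The feed match and the 5-minute sliding window described above can be sketched as follows. This is an added example, not ShamashAi code: the event tuple layout, both thresholds, and the single-CIDR stand-in for a feed are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_S = 300        # 5-minute sliding window, as stated on the page
BRUTE_FAILS = 8       # assumed: failures against ONE account from one IP
SPRAY_USERS = 5       # assumed: DISTINCT accounts failed from one IP

# Constructed stand-in for a downloaded blocklist (RFC 5737 documentation range).
FEED = [ipaddress.ip_network("203.0.113.0/24")]

def intel_hit(ip, feed=FEED):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in feed)

def correlate(events, window=WINDOW_S):
    """events: (epoch_seconds, src_ip, user, ok) tuples sorted by time.
    Returns one alert per (src_ip, kind) the first time a threshold is crossed."""
    recent = defaultdict(deque)   # src_ip -> failed (ts, user) inside the window
    fired, alerts = set(), []
    for ts, ip, user, ok in events:
        q = recent[ip]
        while q and ts - q[0][0] >= window:   # expire entries older than window
            q.popleft()
        if ok:
            continue
        q.append((ts, user))
        per_user = defaultdict(int)
        for _, u in q:
            per_user[u] += 1
        kinds = []
        if max(per_user.values()) >= BRUTE_FAILS:
            kinds.append("brute-force")
        if len(per_user) >= SPRAY_USERS:
            kinds.append("password-spray")
        for kind in kinds:
            if (ip, kind) not in fired:
                fired.add((ip, kind))
                alerts.append({"ts": ts, "src_ip": ip, "kind": kind,
                               "intel_hit": intel_hit(ip)})
    return alerts

# Constructed sample: 8 failures on one account, then a slow spray that
# never has 5 distinct users inside any 5-minute window, then a fast spray.
SAMPLE = (
    [(1000 + 10 * i, "203.0.113.7", "admin", False) for i in range(8)]
    + [(5000 + 200 * i, "198.51.100.9", f"u{i}", False) for i in range(6)]
    + [(9000 + 5 * i, "198.51.100.9", f"v{i}", False) for i in range(5)]
)
```

The slow spray in the sample stays under the window and raises nothing, which is the gap a fixed 5-minute window leaves; a longer secondary window or per-account counting across sources is the usual complement.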
30–100 systems, millions of logs, one administrator.
A modern IT environment produces millions of logs every day. One IT manager can't follow them all. SIEM rollouts take months and come with six-figure invoices. Result: critical events go unnoticed, KVKK audits get rushed paperwork.
A separate UI per vendor
Fortigate, AD, vCenter, M365, NAS, Cisco, Sophos… each with its own console, its own log shape, its own report. Time + attention drain.
KVKK tally in Excel
When the auditor shows up, your 'we log everything' evidence is hand-built tables, screenshots, missing timestamps. Costs time, doesn't convince anyone.
03:00 attack, noticed at 09:00
8 failed RDP attempts, an off-hours VPN login, a foreign country — if nobody is watching, it didn't happen. Passive log retention won't save you.
As capable as a SIEM, as practical as one binary.
Every module runs on the canonical event schema. Adding a new vendor doesn't break your alert rules, SLAs, or compliance evidence.
A SOC day without ShamashAi vs with ShamashAi.
Drag the slider — the same operation in two versions. Left: 7 tabs, 142 unread alarms, 6-hour delay. Right: one pane, automatic containment, audit-ready.
You install it on your own, you run it on your own.
30 minutes
- One host, one SQL Server, one installer (PowerShell + MSI).
- 12-step setup wizard — skippable, resumable.
- Bootstrap admin (env: ADMIN_EMAIL + ADMIN_PASSWORD).
- Paste license key, Fortigate REST API user, AD WinRM trust — wizard handles the rest.
- Auto-discovery finishes and the Control Center is live.
Stays with you
- On-prem first — core features work even with no internet access.
- Air-gap mode: all outbound can be closed; SOAR + alerts + reports keep running.
- No telemetry; phone-home is optional (only v2 license heartbeat).
- Credentials are NEVER sent to AI; only anonymous fingerprint + sample.
- KVKK Article 12 evidence-mapped, local hosting, Turkish law.
30-day free pilot. No commitment, easy to cancel.
AFN Teknoloji handles deployment, training, and the first week of operational support. If you continue after the pilot, a 75% discount applies for the first 3 months.
