2026 · Built in Türkiye

IT operations, log management & KVKK compliance —
in one pane of glass.

ShamashAi is an on-prem, vendor-neutral, AI-assisted IT visibility & light-SIEM platform built for 100–500 device mid-size organizations. Designed so a single IT manager can deploy it in 30 minutes.

01 / 06
0
Bloklanan girişim
sayfaya geldiğinizden beri
/events · live ingest
auto-refresh 30s · 5dk korelasyon penceresiLive
10
Connectors
syslog · REST · WinRM · Graph
30+
Event types
OCSF-style canonical schema
~150
Endpoints
REST API · Fastify backend
30 d
Free pilot
no commitment · easy cancel
3 hours of a real attack scenario

A breach that starts at 03:07 ends in 4 seconds.

Scroll down. See how a classic lateral attempt plays out without — and with — ShamashAi.

Stage 1 · 02:14

Reconnaissance begins

Hourly port scan from a Chinese IP. 142 failed attempts on RDP 3389 and VPN 4433. Visible in the traditional firewall log — but nobody reads it.

Stage 2 · 03:07

Breach

Another attacker from the same IP succeeds with reused credentials. SSL-VPN opens, looks "normal". Vendor dashboard shows a green tick.

Stage 3 · 03:07:04

ShamashAi catches it

5-minute correlation window: brute-force series + threat-intel match + behavioral anomaly. Risk score 87/100. Composite rule "lateral-attempt" fires.

Stage 4 · 03:07:08

SOAR isolates

IP is added to the Fortigate addrgrp, user session is killed. 4-second containment. Email + ticket + full audit trail ready for the team in the morning.

/incident/replay · 03:07 → 03:07:09
PORT_SCAN02:14:33 from 124.221.x.x → tcp/3389 tcp/4433 tcp/8443
AUTH_FAIL02:14:51 user=admin from 124.221.x.x · 12 fails
VPN_LOGIN_OK03:07:02 user=cengiz from 124.221.x.x · NEW_GEO=CN
BEHAVIORAL_ANOMALY03:07:02 login outside baseline · usual=TR off-hours
THREAT_INTEL_HIT03:07:04 src=124.221.x.x · firehol+spamhaus match
CORRELATION03:07:04 rule=lateral-attempt · 4 signals · score=87
SOAR_BLOCK03:07:08 fortigate-01.addrgrp += 124.221.x.x · ttl=60m
SESSION_KILL03:07:08 user=cengiz sessions revoked · 1 active
INCIDENT_CREATED03:07:09 INC-2024-1108 assigned=ahmet · SLA=4h
contained · 0.0s
↕ Scroll down to advance time
Threat intel + correlation

Internet-wide intrusion attempts, stopped at one perimeter.

Tor exit nodes, FireHOL Level 1, Spamhaus DROP — three open feeds refreshed hourly. Every inbound src_ip is matched instantly; the correlation engine also detects brute-force and password spray within a 5-minute sliding window. With SOAR enabled, Fortigate auto-blocks the IP.

3
Feeds
~3.6K
Bad IP / hr
< 1 s
Match latency
İstanbul (HQ)
LIVE · 0 attempted intrusions ─ all blocked
For the IT manager

30–100 systems, millions of logs, one administrator.

A modern IT environment produces millions of logs every day. One IT manager can't follow them all. SIEM rollouts take months, six-figure invoices. Result: critical events go unnoticed, KVKK audits get rushed paperwork.

A separate UI per vendor

Fortigate, AD, vCenter, M365, NAS, Cisco, Sophos… each with its own console, its own log shape, its own report. Time + attention drain.

KVKK tally in Excel

When the auditor shows up, your 'we log everything' evidence is hand-built tables, screenshots, missing timestamps. Costs time, doesn't convince anyone.

03:00 attack, noticed at 09:00

8 failed RDP attempts, an off-hours VPN login, a foreign country — if nobody is watching, it didn't happen. Passive log retention won't save you.

Before vs after

A SOC day without ShamashAi vs with ShamashAi.

Drag the slider — the same operation in two versions. Left: 7 tabs, 142 unread alarms, 6-hour delay. Right: one pane, automatic containment, audit-ready.

BEFORE · without ShamashAiAFTER · with ShamashAi
ShamashAi Control Center — one pane
browser tabs: 1
open cases
3
avg containment
4.2 s
auto blocks / 30d
1.2K
KVKK coverage
91%
ISO 27001 controls
78%
audit report
< 1 m
SOC dashboard — 7 vendors, 7 tabs open
browser tabs: 24
142
unread alarms
Fortigate · M365 · vCenter
6 hours
lag
03:07 event seen in the morning
0
auto blocks
no manual SOAR
8
separate UIs
no common schema
?%
KVKK evidence
tracked in Excel
4 days
report prep
audit-ready work

Drag → compare · ← → keyboard arrows

Why ShamashAi for the IT manager

You install it on your own, you run it on your own.

Deployment

30 minutes

  • One host, one SQL Server, one installer (PowerShell + MSI).
  • 12-step setup wizard — skippable, resumable.
  • Bootstrap admin (env: ADMIN_EMAIL + ADMIN_PASSWORD).
  • Paste license key, Fortigate REST API user, AD WinRM trust — wizard handles the rest.
  • Auto-discovery finishes and the Control Center is live.
Data ownership

Stays with you

  • On-prem first — core features work even with no internet access.
  • Air-gap mode: all outbound can be closed; SOAR + alerts + reports keep running.
  • No telemetry; phone-home is optional (only v2 license heartbeat).
  • Credentials are NEVER sent to AI; only anonymous fingerprint + sample.
  • KVKK Article 12 evidence-mapped, local hosting, Turkish law.
Try it

30 days free pilot. No commitment, easy to cancel.

AFN Teknoloji handles deployment, training, and the first week of operational support. If you continue after the pilot, 75% discount applies for the first 3 months.