Product tour

34 sections, written for the buying decision.

Every screen, every database table, every decision pathway documented. This page is an English summary — for full detail in Turkish, see /urun (TR).

Control Center

Single dashboard for executives — 0–100 posture, action queue, agent health, license status.

Topology

Locked 5-layer layout. Typed edges (DHCP/DNS/identity/tunnel/compute/security/app/mail).

Resources

All-in-one device inventory. Bulk CSV import, 4-layer discovery, AES-256-GCM credentials.

Multi-site

HQ + branch + DR + colo + cloud-region + home-office. Parent-child hierarchy, cascade delete.

Device categories & health

Custom categories with per-category health profiles + per-user permission scoping.

Events

OCSF-style canonical schema, ~30 event_types. 4 indexes on events table.

Event detail · MITRE · AI

Risk reasons, clickable MITRE ATT&CK chips (link to attack.mitre.org), AI investigator with credential-safe context.

Incident queue · SLA

Score-based SLA (15min/4h critical), 7 queue tabs, quick triage actions.

Incident groups

Automatic clustering by event_type + src_ip. Triage at group level, not 200 events.

Component health

Disk SMART, fans, VPN tunnels, certificates — per-subsystem state on every device card.

Alert rules

30+ presets + custom CRUD. Preview mode against last 7 days. Composite event emission.

Behavioral baselines

24-bit hour bitmap, 7-bit day bitmap, top countries/IPs/devices per user. Nightly rebuild.

Correlation engine

5-min sliding window, 5+ failed logins → BRUTE_FORCE_DETECTED. Password spray detection.

Risk engine

Deterministic 0–100 score with privileged/threat/geo/off-hours multipliers. Auditable reasons.

SOAR · block + quarantine

Two modes: external block + internal quarantine (private RFC 1918). FortiGate REST → addrgrp.

Compliance

ISO 27001:2022 Annex A · 19 controls + KVKK Article 12 · 6 sub-articles. Evidence drilldown.

Coverage · AI parser suggest

Tier × category × vendor visibility matrix. For unknown vendors, paste 5–20 raw log lines → AI proposes canonical event mapping + extraction patterns (suggestion-only).

Visibility gaps

Silent devices, missing logs, credential gaps, parser raw-only. Critical/high/medium priority.

Reports · evidence pack

JSON + Markdown + HTML evidence ZIP. Weekly Monday 09:00 executive PDF.

Audit log

Append-only mutation log. Retention-immune. Forensics-ready.

Remediation

Posture-driven task queue. Owners, due dates, risk acceptance workflow.

Runbooks

Per-event-type response procedures. Step-by-step + evidence capture.

Ownership matrix

Per-user workload, time-to-ack/time-to-resolve metrics, SLA pressure heatmap.

Change calendar

Planned change tracking with rollback evidence. Integrated with maintenance windows.

Maintenance windows

Scope: project/site/device. Suppresses alert evaluation, keeps ingest flowing.

Reachability logs

TCP probe + ICMP results in a dedicated table. Latency, status, deltas tracked.

Network scan

CIDR/IP range port scan + AI advice on which to onboard.

Discovery probes

MX lookup, website lookup, M365 probe + device sync — all credential-free.

Setup wizard

12-step onboarding. Skippable, resumable. Goal: live dashboard within 30 minutes.

AI on-demand

Claude for parser generation, advice, and incident investigation. Output language switch (Turkish default / English). Credentials never sent.

Threat intel + geo

5 OSINT feeds — Tor exit, FireHOL Level 1, Spamhaus DROP, USOM/TR-CERT, Abuse.ch FeodoTracker (active botnet C2). Atomic refresh, never half-populated.

Notification channels

SMTP, M365 Graph, Web Push, WhatsApp (Meta Cloud API, free tier covers ~1000 conv/month), Slack, Teams, Webhook. Per-severity + quiet hours + independent WhatsApp risk threshold.

Operations & deployment

Preflight, support bundle, update center, backup/restore, retention, usage capacity, synthetic demo seeding (30-second prospect demo).

Developer documentation

Public API reference (~140 endpoints) + IT manager user guide — Markdown, served from the admin panel, available in the install payload.

License & cloud pairing

Ed25519-signed JWT, offline validation. Optional daily heartbeat to cloud admin panel, with duplicate-instance detection.

Want the full Turkish article?

The TR version goes deeper: SQL schema, exact endpoint paths, env vars, code snippets — 1300+ lines of technical writing.