34 sections, written for the buying decision.
Every screen, every database table, every decision pathway documented. This page is an English summary — for full detail in Turkish, see /urun (TR).
Control Center
Single dashboard for executives — 0–100 posture, action queue, agent health, license status.
Topology
Locked 5-layer layout. Typed edges (DHCP/DNS/identity/tunnel/compute/security/app/mail).
Resources
All-in-one device inventory. Bulk CSV import, 4-layer discovery, AES-256-GCM credentials.
Multi-site
HQ + branch + DR + colo + cloud-region + home-office. Parent-child hierarchy, cascade delete.
Device categories & health
Custom categories with per-category health profiles + per-user permission scoping.
Events
OCSF-style canonical schema, ~30 event_types. 4 indexes on events table.
Event detail · MITRE · AI
Risk reasons, clickable MITRE ATT&CK chips (link to attack.mitre.org), AI investigator with credential-safe context.
Incident queue · SLA
Score-based SLA (15min/4h critical), 7 queue tabs, quick triage actions.
Incident groups
Automatic clustering by event_type + src_ip. Triage at group level, not 200 events.
Component health
Disk SMART, fans, VPN tunnels, certificates — per-subsystem state on every device card.
Alert rules
30+ presets + custom CRUD. Preview mode against last 7 days. Composite event emission.
Behavioral baselines
24-bit hour bitmap, 7-bit day bitmap, top countries/IPs/devices per user. Nightly rebuild.
Correlation engine
5-min sliding window, 5+ failed logins → BRUTE_FORCE_DETECTED. Password spray detection.
Risk engine
Deterministic 0–100 score with privileged/threat/geo/off-hours multipliers. Auditable reasons.
SOAR · block + quarantine
Two modes: external block + internal quarantine (private RFC1918). FortiGate REST → addrgrp.
Compliance
ISO 27001:2022 Annex A · 19 controls + KVKK Article 12 · 6 sub-articles. Evidence drilldown.
Coverage · AI parser suggest
Tier × category × vendor visibility matrix. For unknown vendors, paste 5–20 raw log lines → AI proposes canonical event mapping + extraction patterns (suggestion-only).
Visibility gaps
Silent devices, missing logs, credential gaps, parser raw-only. Critical/high/medium priority.
Reports · evidence pack
JSON + Markdown + HTML evidence ZIP. Weekly Monday 09:00 executive PDF.
Audit log
Append-only mutation log. Retention-immune. Forensics-ready.
Remediation
Posture-driven task queue. Owners, due dates, risk acceptance workflow.
Runbooks
Per-event-type response procedures. Step-by-step + evidence capture.
Ownership matrix
Per-user workload, time-to-ack/time-to-resolve metrics, SLA pressure heatmap.
Change calendar
Planned change tracking with rollback evidence. Integrated with maintenance windows.
Maintenance windows
Scope: project/site/device. Suppresses alert evaluation, keeps ingest flowing.
Reachability logs
TCP probe + ICMP results in a dedicated table. Latency, status, deltas tracked.
Network scan
CIDR/IP range port scan + AI advice on which to onboard.
Discovery probes
MX lookup, website lookup, M365 probe + device sync — all credential-free.
Setup wizard
12-step onboarding. Skippable, resumable. Goal: live dashboard within 30 minutes.
AI on-demand
Claude for parser generation, advice, and incident investigation. Output language switch (Türkçe default / English). Credentials never sent.
Threat intel + geo
5 OSINT feeds — Tor exit, FireHOL Level 1, Spamhaus DROP, USOM/TR-CERT, Abuse.ch FeodoTracker (active botnet C2). Atomic refresh, never half-populated.
Notification channels
SMTP, M365 Graph, Web Push, WhatsApp (Meta Cloud API, free tier covers ~1000 conv/month), Slack, Teams, Webhook. Per-severity + quiet hours + independent WhatsApp risk threshold.
Operations & deployment
Preflight, support bundle, update center, backup/restore, retention, usage capacity, synthetic demo seeding (30-second prospect demo).
Developer documentation
Public API reference (~140 endpoints) + IT manager user guide — Markdown, served from the admin panel, available in the install payload.
License & cloud pairing
Ed25519-signed JWT, offline validation. Optional daily heartbeat to cloud admin panel, with duplicate-instance detection.
Want the full Turkish article?
The TR version goes deeper: SQL schema, exact endpoint paths, env vars, code snippets — 1300+ lines of technical writing.
