Collector Layer: Microsoft 365 event collection; Windows and Linux log ingestion; Cloud connector support for AWS paths
Detection Engine: Severity scoring and prioritization; Context-based risk enrichment; Pattern matching + correlation flow
Investigation Workspace: Timeline-based incident review; User and source context snapshots; Analyst notes for handoff and audit
Response Playbooks: Guided remediation suggestions; Controlled auto-response simulation; Outcome tracking for post-incident review
Privacy Controls: Supports local model execution in private environments; No mandatory cloud dependency for core analysis paths
Deployment Options: Static frontend deployment on Netlify; Backend stack can run in isolated internal infrastructure
Pilot Focus: Start with high-frequency incident types; Validate triage speed, response quality, and operator workflow