north.sh

The new
SecOps Platform.

All your SecOps alerts, correlations, aggregations, vulnerability data & threat intelligence, all in one single platform.

Introducing

Alert. Correlate. Analyse. Done exceptionally.

Built out of the need for an open, centralised platform for SOCs to house and triage security incidents and alerts, what emerged was not only the best front-line experiences, but also one of the most productive.

Alerting

Alerting. Brought absolutely next-level.

Centrally view, manage, schedule & update all your SIEM alerts – across multiple SIEMs – across different vendors – and even across multiple clients, all without having to log in to a single one.

Deployment

Easily manage automatic git-based deployments out to every SIEM.

Automatic Validation

Each alert is tested to work effectively in the SIEM prior to deployment.

Performance

Monitor the performance of each alert as it runs against your SIEMs.

Community Intelligence

Leverage the thousands of existing contributions from the detection community.

Scalable

Ensure alert coverage by permitting each alerter process to scale horizontally.

Efficient

See at a glance which of your alerts are running the slowest. Extend the timespan of any alert in a single click.

Optimize

Eliminate all recurring false positives by easily setting filters and filter groups across multiple rules.

Timeline

Giving you the
complete picture.

See a full timeline of what happened – across any host, user, or any other indicator – to provide the full picture of an ongoing security incident, even across multiple incoming log sources.

Enrich

All the information.
Everywhere it's needed.

Using the tooling you already rely on, each alert is enriched using services like VirusTotal, WHOIS and crt.sh. Even see GeoIP lookups, process trees and more – right in the alert screen.

Unify

All your alerts.
Already combined.

Never again deal with hundreds of duplicate alerts. See all security events aggregated automatically into a single alert as they are ingested. Other security events that may not have triggered an individual alert can now also be ingested & presented.

Integrate

Bring all your
existing stack.

Out-of-the-box support for a wide range of SIEMs & Logging Platforms, Threat Intelligence Platforms, Vulnerability Management Solutions, and Communications & Escalation chains.

Committed to Open-Source. Always.
Coming Soon