Security observability from one API call
Your WAF covers the perimeter. SOCWarden watches what gets through, enriching every event with threat intelligence, behavioral detection and risk scoring.
Live detection
See SOCWarden in Action
Every event enriched with GeoIP, threat intelligence, behavioral signals and a composite risk score. All in real time.
| Time | Event | Risk | Level |
|---|---|---|---|
| 2m ago | auth.login.failure | 87 | high |
| 5m ago | admin.user.created | 12 | low |
| 8m ago | auth.login.failure | 95 | critical |
| 12m ago | api.key.generated | 4 | safe |
| 18m ago | auth.password.reset | 72 | high |
Features
Complete security observability
Built for engineering teams with no dedicated SOC. Automates detection, scoring and alerting so you can focus on shipping.
Threat Intelligence
15+ bulk threat feeds plus 9 real-time API enrichment sources (AbuseIPDB, GreyNoise, Shodan InternetDB, Pulsedive, HIBP, WHOIS, and 3 LLM providers). Every event enriched automatically with zero add-on cost.
Behavioral Detection
21 behavioral, sequence, and kill-chain detectors including brute force, impossible travel, credential spray, account takeover, data exfiltration, server persistence, and 5 kill chain patterns.
Risk Scoring
Composite 0-100 score per event. Combines event type base score, threat feeds, behavioral signals and external OSINT confidence.
MITRE ATT&CK + OWASP
Every alert tagged with MITRE T-codes and OWASP Top 10 categories. Static lookup, no runtime cost. Audit-ready from day one.
AI Alert Summaries
LLM-generated plain-English explanations for every alert. What happened, why it matters and recommended action. No JSON deciphering.
Server Agent
Lightweight agent binary for SSH, file integrity, process monitoring and Docker events. Ships to the same POST /v1/events endpoint.
Developer experience
Ship secure features faster
SDKs for Laravel, Node.js, Python, Go, Browser and a raw HTTP API. Integrate in under 2 minutes. Every SDK auto-collects IP, user agent and request context.
- Single endpoint: POST /v1/events
- Auto-context collection (IP, UA, geo)
- 202 Accepted in <5ms, zero blocking
- Queue-backed async enrichment
```php
use SOCWarden\Facades\SOCWarden;

// After a successful login
SOCWarden::track(
    event: 'auth.login.success',
    actor: $user,
);
// → 202 Accepted · Enriched in <5ms
```
Enrichment engine
Alert detection & threat classification
Every event passes through three enrichment layers. Here's what a real high-risk event looks like after processing.
Security
Built with security in mind
GDPR Ready
Data isolation per organization. Right to deletion. Data export on request. Full audit logging.
Data Encrypted
TLS 1.3+ in transit. AES-256 at rest. API keys bcrypt-hashed. Secrets never stored in plaintext.
Row-Level Security
Row-level security for tenant isolation. Organization-scoped queries. No data leakage between tenants.
Integrations
Seamless integration partners
Alert channels and SDKs that work out of the box. Connect your stack in minutes.
Pricing
Simple pricing, serious security
Start free. Scale as you grow. Yearly = 2 months free.
Free
- 1 project · 1 member
- Email alerts
- 7-day retention
- GeoIP + threat feed matching
- Brute force detection
- Event explorer
Starter
- 3 projects · 3 members
- Email + Telegram
- 30-day retention
- Full OSINT + AbuseIPDB
- Impossible travel + geo-anomaly
- 2 server agents
- AI summaries (dashboard)
7-day free trial, no credit card required
Pro
- 10 projects · 10 members
- Slack + Discord + Webhook
- 60-day retention
- 5 custom threat models
- ML behavioral detection
- 10 server agents + Docker
- Incident management
- AI summaries (all channels)
7-day free trial, no credit card required
Business
- Unlimited everything
- PagerDuty + MS Teams
- 90-day retention
- SSO (SAML/OIDC)
- SIEM forwarding
- Unlimited agents
- SOC 2 compliance dashboard
- Auto-block rules
7-day free trial, no credit card required
No contracts. Cancel anytime. All threat intelligence included.
Ready to secure your application?
Free tier included. No credit card required. Full threat intelligence from day one.