Documentation
Getting Started
SOCWarden detects threats in real-time. Your app sends events through an SDK, our pipeline enriches them with GeoIP, OSINT, behavioral analysis, and AI — then alerts you when something is wrong.
How it works
Quick start — 2 minutes
- Pick your SDK → SDK Guides
- Install the package and add your SOCWARDEN_API_KEY
- Call track() on any security event
- Open the dashboard — events appear in seconds
No SDK? Use the REST API directly, or install the Server Agent for infrastructure monitoring.
https://ingest.socwarden.com/v1/events
Authorization: Bearer sk_live_{your_key}
Content-Type: application/json

{
  "event": "auth.login.success",
  "actor_id": "user_123",
  "actor_email": "user@example.com",
  "ip": "203.0.113.50",
  "metadata": { "method": "POST", "path": "/api/login" }
}

→ 202 Accepted { "id": "evt_abc123", "status": "accepted" }

Integrate
Understand
Event Types
All 66 standard event types + 28 agent types. Format rules, naming conventions, examples.
Forensic Drawer
Deep-dive investigation panels — GeoIP, OSINT, MITRE ATT&CK, device context, risk breakdown.
Webhook Payloads
All 25 alert types with full JSON samples, HMAC verification (Node.js + Python).
Configure
Threat Models
Custom detection rules — FOLLOWED_BY chains, AND/OR/NOT logic, wildcard patterns, time windows.
Integrations
Splunk, Datadog, Cloudflare WAF, Slack, Telegram, Discord, PagerDuty, MS Teams.
SOC 2 & NIST CSF
Compliance mapping — 5 Trust Service Criteria + 6 NIST CSF functions. Audit export.