ENTERPRISE SOC PLATFORM
DefenceFusion unifies real-time threat detection, structured incident response, compliance management, and executive reporting — giving your security team the speed and visibility to protect what matters most.

Security teams today are overwhelmed — fragmented tools, slow triage, and audit-season panic. DefenceFusion replaces the chaos with a single, unified SOC platform that takes you from raw log ingestion all the way to executive-level compliance reporting. Whether you’re a lean in-house team or a Managed Security Service Provider supporting dozens of clients, DefenceFusion gives you one pane of glass for everything.

See everything at once. The DefenceFusion dashboard surfaces live KPIs, trend charts, and threat maps — refreshed in real time so your team always knows where to focus.

Every log event from every endpoint, searchable in seconds. DefenceFusion ingests and indexes your entire event stream in real time — with powerful query tools to find exactly what you need.
Real-time event stream from agents, syslog, and API sources
Colour-coded severity badges: Critical / High / Medium / Low / Info
Wazuh Query Language (WQL) and advanced DQL query builder
Event detail panel: raw log, decoded fields, MITRE mapping, related events
One-click Create Alert and Add to Case from any event row
Export to CSV or JSON (up to 10,000 rows)

Turn every alert into a traceable, auditable investigation. Cases bring together tasks, evidence, timelines, and team collaboration — so nothing falls through the cracks.
Full case lifecycle: Open → In-Progress → Resolved → Closed
Tasks with assignees, due dates, and playbook links
Evidence & Observables tab: upload PCAPs, hashes, IPs, domains — auto-checked against threat intel feeds
Interactive visual timeline from first alert to case closure
Related Cases tab surfaces shared IOCs and agent overlaps
TLP and PAP classification support

Correlated, contextual alerts that cut through the noise. Every alert comes with MITRE mapping, recommended response actions, and one-click case creation.
Alerts derived from correlated security events — not raw log noise
Alert lifecycle: New → Acknowledged → In-Investigation → Closed
MITRE ATT&CK tactic and technique per alert
Quick actions: Acknowledge, Create Case, Assign, Close
Filter by Severity, Status, Agent, Rule ID, or Date Range

Deploy, monitor, and manage every agent from one place. See real-time connection status, compliance scores, vulnerabilities, and system health — across your entire infrastructure.
Status monitoring: Active, Disconnected, Pending, Never Connected
Per-agent: OS, IP, architecture, memory, CPU, running services, network overview
7-day uptime history and 24-hour connection trend charts
Security Configuration Assessment (SCA) against CIS Benchmarks
CVE vulnerability detection with CVSS scoring and remediation guidance
ITSM export for patch ticket generation

Build and manage the detection logic that powers your alerts — without touching the command line. Write rules, test them live with Logtest, and hot-reload changes in seconds.
View, enable/disable, and filter all built-in and custom rules
Compliance mappings: PCI-DSS, GDPR, HIPAA, NIST 800-53, ISO 27001, MITRE ATT&CK
Browser-based Monaco editor for custom .xml rule files
Logtest: paste any log line to see which decoder and rules fire
Hot-reload rules without restarting the manager process
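As an added illustration of the kind of custom .xml rule file the editor above is meant for (this is not code from the DefenceFusion page or product), the following uses standard Wazuh rule syntax: it builds on Wazuh's built-in rule 5716 (sshd authentication failed) to raise a higher-severity alert when one source IP fails eight times within two minutes, attaches a MITRE ATT&CK technique id, and adds compliance group labels so the alert is picked up by the framework mappings. The rule id 100001, the filename, the thresholds and the chosen group labels are assumptions made for this example.

```xml
<!-- Added example custom rule file (assumed name: local_rules.xml); not part of the original page -->
<group name="local,syslog,sshd,">
  <!-- Fires when Wazuh's built-in rule 5716 (sshd authentication failed) matches
       8 times from the same source IP within 120 seconds. Custom rule ids must be >= 100000.
       ignore="60" suppresses repeat alerts for the same rule for 60 seconds after it fires. -->
  <rule id="100001" level="10" frequency="8" timeframe="120" ignore="60">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <!-- $(srcip) is expanded from the decoded field so the alert names the offending source -->
    <description>sshd: repeated authentication failures from $(srcip), possible password guessing.</description>
    <!-- MITRE ATT&CK technique shown in the alert's event detail panel -->
    <mitre>
      <id>T1110</id>
    </mitre>
    <!-- Compliance tags (assumed labels in Wazuh's group format) drive the PCI-DSS / NIST mappings -->
    <group>authentication_failures,pci_dss_11.4,nist_800_53_SI.4,</group>
  </rule>
</group>
```

To validate it, paste a sample sshd failure line into Logtest and confirm that the sshd decoder and rule 5716 fire first; the frequency rule only fires once the eighth matching event from the same source IP arrives inside the 120-second window, so a single pasted line will not trigger it on its own.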

Generate polished PDF and CSV reports for executives, auditors, and compliance teams — in seconds, not hours.
Executive Summary: KPIs, top threats, open cases — C-suite ready
Threat Intelligence Report: top attacking IPs, malware families, attack campaigns
Vulnerability Report: aggregated CVEs sorted by CVSS score
Agent Health Report: SCA scores, connection status, version compliance
Schedule recurring reports for automatic delivery

Full control over who can access what. Manage users, assign roles, suspend accounts instantly, and maintain an immutable audit log of every administrative action.
Role-Based Access Control (RBAC): Administrator, Analyst, custom roles
Add, edit, suspend, or delete users from a central interface
Invitation email flow or manual password assignment
Suspend departing users instantly without data loss
All user management actions logged to the immutable Audit Log

Tune DefenceFusion to your exact requirements — from alert thresholds and data retention policies to integration webhooks and MFA enforcement.
Alert thresholds and auto-escalation rules
Threat intelligence feed URLs and update schedules
Integration webhooks for SIEM, SOAR, and ticketing systems
Data retention policies (hot/warm/cold index lifecycle)
MFA enforcement, session policy, IP allow-list, API key management
Faster Triage
Colour-coded severity, one-click acknowledgement, and instant event-to-case creation cut mean time to respond
Full Context Instantly
Event detail panels show raw logs, decoded fields, MITRE mappings, and related events — no tool-switching
Guided Investigations
Tasks with playbook links, evidence tabs, and activity timelines keep every case structured and auditable
Powerful Threat Hunting
WQL and DQL advanced queries let you search your entire event corpus in seconds
Personalised Workspace
Customisable dashboard layouts and saved column sets, per analyst
Unified Visibility
One dashboard shows events, alerts, open cases, and active agents across the entire team
Team Accountability
Case assignments, task due dates, and activity timelines ensure every action is tracked
Operational Metrics
Case resolution trends, impact counts, and status distributions for performance reporting
Scalable Fleet Management
Centralised agent lifecycle management with health monitoring and SCA compliance scores
Automated Escalation
Configurable thresholds and auto-escalation rules so critical issues never slip past
Executive Reporting
One-click PDF reports with high-level KPIs and top threats — ready for the C-suite or board
Compliance Assurance
Built-in mappings for PCI-DSS, GDPR, HIPAA, NIST 800-53, ISO 27001, and more
Risk Visibility
Vulnerability reports sorted by CVSS score; SCA compliance percentages per agent
Audit Readiness
Immutable audit logs of all administrative actions — always ready for external review
Multi-Tenant Governance
Full data isolation between client organisations for MSSP deployments
Agent Health Monitoring
Active/Disconnected/Pending status indicators with 7-day uptime charts per endpoint
Vulnerability Prioritisation
CVE lists sorted by CVSS score with remediation guidance and ITSM export
Configuration Compliance
Automated SCA audits against CIS Benchmarks — per-check pass/fail with fix instructions
Full System Inventory
OS, IP, architecture, memory, running services, and network overview per agent
Integration Ready
Webhooks for SIEM, SOAR, and ticketing; API keys for custom automation
DefenceFusion maps every detection rule to the major security and privacy frameworks. Evidence gathering for audits goes from weeks to minutes.
PCI-DSS: card data security standard
GDPR: EU data privacy regulation
HIPAA: US healthcare data standard
NIST 800-53: US federal security framework
ISO 27001: international security standard
MITRE ATT&CK: industry threat knowledge base
SOC 2: audit framework
UK government security guidance
Protecting your security platform is just as critical as protecting your infrastructure. DefenceFusion is built with enterprise-grade controls from the ground up.
Enforce MFA for all users or specific roles
Set maximum session duration and idle timeout thresholds
Restrict login to approved IP ranges or CIDR blocks
Complete, tamper-proof trail of all admin actions — export at any time
Generate and revoke tokens for programmatic access
Traffic Light Protocol and PAP labels on alerts and cases
Granular roles with full permission control
Configurable hot/warm/cold index lifecycle for cost-effective

DefenceFusion is purpose-built for MSSPs. Switch between client organisations instantly — without logging out. Complete data isolation between tenants ensures every client’s environment stays private and secure.

Threat detection, incident response, compliance, vulnerability assessment, and reporting — unified. No more juggling disconnected tools
Live event ingestion with MITRE ATT&CK mapping gives your team instant awareness of what's happening across your entire infrastructure
Every case has a timeline, tasks, evidence, and related cases — ensuring consistent, thorough, and audit-ready incident response
Rules mapped to PCI-DSS, GDPR, HIPAA, NIST 800-53, ISO 27001, and more — plus automated SCA audits. Compliance evidence gathering becomes effortless
Seamless organisation switching with complete data isolation — purpose-built for managed security providers
From raw log events to correlated alerts to structured cases — DefenceFusion turns data into decisions across your entire organisation.
Custom detection rules, configurable dashboards, integration webhooks, and API access — tailor the platform to your exact environment
MFA enforcement, IP allow-lists, session policies, immutable audit logs, and RBAC protect the platform itself
Real-Time Log Ingestion
Stream and index events from agents, syslog, and API sources in
real time
MITRE ATT&CK Mapping
Every event and alert mapped to adversarial tactics and techniques
Wazuh Query Language (WQL)
Deep event searching with powerful query syntax
Correlated Alerts
High-signal alerts derived from correlated security events
Structured Incident Response
Full case lifecycle with tasks, evidence, observables, and timelines
Threat Intelligence Integration
Automatic IOC lookups against configured threat intel feeds
Security Configuration Assessment
Automated CIS Benchmark and custom policy audits per agent
Vulnerability Detection
CVE detection from installed software and NVD/vendor feeds
Compliance Evidence
Rules mapped to PCI-DSS, GDPR, HIPAA, NIST 800-53, ISO 27001, and more
Automated Reporting
On-demand and scheduled PDF/CSV reports for executives and auditors
Custom Detection Rules
Browser-based rule editor with live Logtest validation
Multi-Tenant MSSP Support
Organisation switching with full data isolation
Role-Based Access Control
Granular user roles with full audit logging
One-Click Response Actions
Isolate hosts, block IPs, force password resets from within cases
Explore the platform with a live demo environment. No signup required. See how Complixcel brings order to the chaos.