GDPR · KVKK · SOC2 · BTK 5651

SecureOps

SIEM · SOC · SOAR

An enterprise security operations center unifying FortiGate, Windows AD, FortiMail and more on a single platform. An extensive library of built-in SOAR rules, BTK 5651 compliance and JIT access control.

  • Extensive: SOAR rules (all active)
  • Broad: integrations
  • Diverse: automated response actions
  • Long-term: BTK 5651 log retention

Platform Modules

Multi-Source Syslog

RFC 5424 compliant log management. Collects data within seconds from FortiGate, Windows AD, FortiMail and standard syslog devices. Paginated record view with severity-based filtering.

FortiGate Firewall Integration

SSL VPN session monitoring, IPsec tunnel tracking, IPS alert management, antivirus events and security policy violations in a single panel. Live session termination.

Windows Active Directory

Windows event IDs covering successful/failed logon, file access, object deletion and log clearing. RDP connection detection via Logon Type correlation.

SOAR Automation

Built-in detection rules, all active. The rule engine runs continuously. Categories: Network Attacks, Malware, Insider Threat, Threat Intelligence. A range of automated response actions.

JIT — Zero Trust Access

Just-in-time access to RDP. Time-limited access window with mandatory justification. Fail-closed: access stays closed outside the defined business hours (Europe/Istanbul). Email-based approval workflow.

BTK 5651 Compliance

Periodic SHA-256 integrity hashing, scheduled archiving, TSA (Trusted Timestamp Authority) support. Log retention for the legally required period. Tamper-evident storage ready for audits.

Reports & Archive

SSL VPN and IPsec site-to-site VPN reports, KPI cards and session tables. PDF and CSV export. Report archive for access to past periods.

Network Topology

Canvas-based interactive network map. All nodes and connections update in real time. Visualizes device details, IP addresses and connection status.

SOAR — Detection Rules

The rule engine runs every minute. Detection → Pending event → Analyst approval or automated action.
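The two Windows AD detections the page mentions, RDP detection via Logon Type correlation and the RDP Brute Force rule feeding a pending event, as an added example (not SecureOps code; event field names, thresholds and the sample events are this example's own assumptions):

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log semantics: 4624 = successful logon, 4625 = failed logon,
# Logon Type 10 = RemoteInteractive (RDP / Terminal Services).
EVENT_LOGON_OK, EVENT_LOGON_FAIL, RDP_LOGON_TYPE = 4624, 4625, 10

# Constructed sample events, already normalised to the fields a collector would
# extract from EventData (assumption: field names are this example's, not SecureOps').
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "User": "svc-backup", "IpAddress": "10.0.0.5", "Time": "2024-05-01T09:00:00"},
    {"EventID": 4624, "LogonType": 10, "User": "alice", "IpAddress": "10.0.0.77", "Time": "2024-05-01T09:05:00"},
    {"EventID": 4625, "LogonType": 10, "User": "bob", "IpAddress": "10.0.0.5", "Time": "2024-05-01T09:06:00"},
] + [
    {"EventID": 4625, "LogonType": 10, "User": "admin", "IpAddress": "203.0.113.9",
     "Time": f"2024-05-01T09:1{i}:00"} for i in range(5)
]

def rdp_logons(events):
    """Successful RDP sessions: 4624 events whose Logon Type is 10 (RemoteInteractive)."""
    return [e for e in events
            if e["EventID"] == EVENT_LOGON_OK and e["LogonType"] == RDP_LOGON_TYPE]

def rdp_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Emit a pending SOAR event for each source IP with >= threshold failed RDP
    logons inside a sliding time window; an analyst approves or automation acts."""
    failures = defaultdict(list)
    for e in events:
        if e["EventID"] == EVENT_LOGON_FAIL and e["LogonType"] == RDP_LOGON_TYPE:
            failures[e["IpAddress"]].append(datetime.fromisoformat(e["Time"]))
    pending = []
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                pending.append({"rule": "RDP Brute Force", "source_ip": ip,
                                "failures": end - start + 1, "status": "pending",
                                "proposed_action": "quarantine"})
                break  # one pending event per source IP
    return pending

if __name__ == "__main__":
    for e in rdp_logons(SAMPLE_EVENTS):
        print("RDP logon:", e["User"], "from", e["IpAddress"])
    for p in rdp_brute_force(SAMPLE_EVENTS):
        print("Pending event:", p)
```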

Network Attacks rules:
  • Brute Force
  • IPS Flood
  • RDP/SSH Brute Force
  • Port Scan
  • WAF Attack Burst
  • Impossible Travel Login

Malware & Ransomware rules:
  • Early Ransomware Detection
  • Antivirus Hit
  • Crypto Miner/C2
  • Suspicious Process (LOLBin)

Insider Threat rules:
  • Mass File Deletion
  • Data Exfiltration
  • Sensitive File Cloud Upload
  • Off-Hours Activity

Threat Intelligence rules:
  • IOC Match (USOM/RTBH)
  • High VirusTotal Score
  • Data Leak to Malicious IP

Automated Response Actions

  • quarantine: quarantine the IP via FortiGate
  • blacklist: add to the permanent blacklist
  • kill_vpn_session: terminate the active SSL VPN session
  • disable_user: disable the user account
  • alert_only: send a notification only
  • AbuseIPDB: report the attacking IP to the global community
  • email: rule-based email notification

Integrations

FortiGate · FortiMail · FortiWeb (WAF) · Windows Active Directory · Syslog (RFC 5424) · AbuseIPDB · VirusTotal · USOM · RTBH · Abuse.ch · OTX AlienVault · TSA · JIT Agent