Detect threats.
Respond faster.
VortexSOC is a modern SIEM built for lean security teams. Correlate alerts, automate response playbooks, and get AI-powered analysis — without the enterprise price tag.
Open Alerts: 24 · Critical: 3 · Cases: 8 · Risk Score: 72
Built for SOC teams who move fast. No agents required. Deploys in minutes.
Platform capabilities
Everything your SOC needs, nothing it doesn't
VortexSOC combines SIEM, SOAR, and threat intelligence into a single platform that deploys in minutes and scales with your team.
Intelligent Alerting
Write detection rules in LogsQL or MetricsQL. VortexSOC evaluates them on a schedule, scores each incident using AI-weighted risk factors, and surfaces what actually matters.
Correlation Engine
Define multi-condition patterns across alert rules and queries. Automatically create cases, fire alert incidents, and notify channels when correlated threats are detected.
AI Risk Scoring
Every incident is scored 0–100 by an AI model that weighs severity, MITRE technique, asset criticality, and historical context. Triage at a glance, no analyst fatigue.
Automated Playbooks
Build response playbooks with conditional steps, HTTP actions, and script execution. Trigger them manually or automatically when a case is created — cut MTTR dramatically.
Detection Rules
Write Sigma-style detection rules backed by live VictoriaLogs queries. Each hit creates a firing event with sample log lines you can inspect directly in the UI.
Unified Log Search
Search across VictoriaLogs and VictoriaMetrics from a single interface. Filter, inspect fields, run field-value aggregations, and save queries for team reuse.
How it works
From zero to protected in three steps
No six-week professional services engagement. No six-figure consulting bill. Just connect, configure, and go.
Connect your data sources
Point VortexSOC at your VictoriaLogs and VictoriaMetrics instances. No agents, no forwarders — just a URL. Existing log pipelines work out of the box.
Supports LogsQL, MetricsQL, webhook ingest, and OCSF-normalized fields.
Define rules and correlations
Write alert rules with threshold conditions and correlation rules that link multiple signals into high-fidelity detections. Use our seed library to get started in minutes.
Ships with out-of-the-box MITRE-mapped rules for brute force, privilege escalation, lateral movement, and more.
Detect, triage, and respond
AI scores every incident automatically. Correlations auto-create cases and fire notifications to your webhook, Slack, Teams, or email channel. Playbooks close the loop.
Average time from log ingestion to analyst notification: under 60 seconds.
Integrations
Works with your existing stack
VortexSOC connects to the tools you already run — no rip-and-replace, no proprietary agents.
Log Sources
- VictoriaLogs: Native query engine via LogsQL
- Syslog / rsyslog: UDP/TCP ingest via pipeline
- Filebeat / Logstash: Beat agent forwarding
- Docker / Kubernetes: Container log collection
Metrics
- VictoriaMetrics: Native MetricsQL queries
- Prometheus: Remote write + scrape
- Grafana Agent: Flow mode pipelines
- Node Exporter: Host-level metrics
Notifications
- Slack: Rich alert messages per channel
- Microsoft Teams: Incoming webhook cards
- Webhook: Any HTTP endpoint
- Email / SMTP: HTML alert emails
Identity & Auth
- LDAP / Active Directory: User auth and group sync
- SAML 2.0: SSO with Okta, Azure AD, etc.
- Local accounts: Built-in user management
- Audit log: All actions logged with actor
AI Providers
- Claude (Anthropic): Case summaries and analysis
- OpenAI GPT-4: Alternative AI backend
- Ollama (self-hosted): On-prem models, no data egress
- Risk scoring engine: Built-in ML scoring, no API needed
Response & Automation
- HTTP playbook actions: Call any REST API
- Script execution: Run bash/python on trigger
- Case management: Built-in ticketing and workflow
- Threat intel feeds: IP/domain enrichment
Missing an integration? Enterprise plans include custom connector development.
Pricing
Simple, transparent pricing
No per-alert fees. No surprise data ingestion overages. Pay for users and data volume — that's it.
Small Team
Up to 2 users · Under 250 GB/day ingest
Everything a small security team needs to get started with serious threat detection.
- Unlimited alert rules
- Correlation engine
- Case management
- AI risk scoring
- Webhook + email notifications
- VictoriaLogs + VictoriaMetrics
- Detection rules
- Log search
- MITRE ATT&CK mapping
- Community support
Pro
Up to 5 users · Under 700 GB/day ingest
For growing teams that need AI-powered analysis, playbooks, and broader data coverage.
- Everything in Small Team
- AI case summaries (Claude / OpenAI)
- Automated playbooks
- Slack + Microsoft Teams notifications
- Asset tracking & risk scoring
- Audit log
- LDAP / SAML SSO
- Custom dashboards
- Threat intel enrichment
- Priority email support
Enterprise
Unlimited users · Unlimited ingest
Self-hosted or dedicated cloud. Built for organizations with compliance requirements and large-scale data.
- Everything in Pro
- Self-hosted deployment
- Custom data retention
- Dedicated infrastructure
- SLA guarantee
- Custom integrations
- On-prem AI models (Ollama)
- Multi-tenant support
- Annual billing discount
- Dedicated account manager
All plans include a 14-day free trial. No credit card required.
Stop chasing alerts.
Start closing cases.
Get up and running in minutes. Connect VictoriaLogs, define your first rule, and see real-time AI-scored alerts before your coffee gets cold.