Autonomous Security Operations

SOC AI Agent

Built-in native SIEM — collect, store, and correlate in one platform. Multi-agent AI ingests from any source or your existing SIEM, detects threats, and responds via SOAR — with GDPR, RGPD, and LGPD compliance built in.

GDPR · RGPD · LGPD
< 1s Response Time
8 Specialist Agents
SOC AI Agent — threat map and operational dashboard

AI-driven Managed Detection and Response

More than a platform — a complete security operations service, run 24/7 by SOC AI Agent.

Continuous 24/7 Detection

The agent analyzes logs, correlates threats, and identifies incidents in real time, without downtime.

Autonomous Response

Built-in decision power: detects, classifies, and responds via SOAR — block, isolate, and remediate in seconds.

Managed Service

DolutechAI runs the service for you: ingestion, monitoring, analysis, and response — no internal SOC required.

24/7 Continuous operation
< 1s Autonomous response
8 Specialist agents

Intelligent Autonomy with Human Validation

SOC AI Agent operates autonomously, but knows when to escalate. In critical environments or high-risk situations, it requests human analyst validation before executing sensitive actions.

The agent decides when to escalate

It is not the operator who asks for help — the autonomous agent itself, after analyzing severity, context, and impact, determines that human validation improves response safety.

01

Detection

Event identified and classified

02

Autonomous analysis

Orchestrator + specialists assess risk and impact

03

Agent decision

Immediate response or human-in-the-loop escalation

04

Human validation

Analyst reviews context, confirms or adjusts proposed action

05

Secure execution

Action executed via SOAR with full audit trail

Critical severity

High-impact incidents that require human confirmation before remediation

Critical environments

Assets, segments, or systems classified as sensitive or mission-critical

High-impact actions

Wide isolation, mass blocking, or invasive remediation

Ambiguity or low confidence

When analysis does not reach sufficient confidence, the agent prefers human validation

Autonomous mode (default)

  • Routine or low-risk events
  • Immediate SOAR response
  • No human wait time
  • 24/7, sub-second operation

Human-in-the-loop mode

  • Critical context or high risk
  • Agent pauses and escalates
  • Analyst validates before execution
  • Reinforced safety in sensitive environments

Human-in-the-loop with DolutechAI human analysts is available on selected plans. Full agent autonomy is included on all plans.
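The escalation flow above (steps 01 to 05 plus the four escalation criteria) can be written down as a small policy. The following is an added example for this page, not DolutechAI's code: the field names, the grouping of SOAR actions into "high-impact", the 0.80 confidence floor and the three sample assessments are constructed assumptions that mirror the criteria the text lists (critical severity, critical environment, high-impact action, low confidence). The point it shows is that any single criterion is enough to pause, and that the pause itself is written to the audit record.

```python
"""Agent-decided escalation policy: autonomous response versus human-in-the-loop.

Added example; not DolutechAI's code. Field names, action groupings,
the confidence floor and the sample assessments are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Assumed grouping: which SOAR actions count as wide or invasive remediation.
HIGH_IMPACT_ACTIONS = {"isolate_segment", "block_ip_range", "reimage_host"}
SENSITIVE_ASSET_CLASSES = {"sensitive", "mission_critical"}
CONFIDENCE_FLOOR = 0.80  # assumed: below this the agent asks for validation


@dataclass
class Assessment:
    """Consolidated conclusion of the orchestrator and its specialist (step 02)."""
    event_id: str
    severity: str            # "low" | "medium" | "high" | "critical"
    asset_class: str         # "standard" | "sensitive" | "mission_critical"
    proposed_action: str     # SOAR action the agent wants to run
    confidence: float        # 0.0 .. 1.0


@dataclass
class Decision:
    event_id: str
    mode: str                # "autonomous" | "human_in_the_loop"
    reasons: list = field(default_factory=list)


def decide(a: Assessment) -> Decision:
    """Step 03: the agent, not the operator, decides whether to escalate.

    Any single criterion is enough to pause and ask a human; with none
    present the response stays autonomous.
    """
    reasons = []
    if a.severity == "critical":
        reasons.append("critical severity")
    if a.asset_class in SENSITIVE_ASSET_CLASSES:
        reasons.append(f"critical environment: {a.asset_class}")
    if a.proposed_action in HIGH_IMPACT_ACTIONS:
        reasons.append(f"high-impact action: {a.proposed_action}")
    if a.confidence < CONFIDENCE_FLOOR:
        reasons.append(f"low confidence: {a.confidence:.2f} < {CONFIDENCE_FLOOR:.2f}")
    mode = "human_in_the_loop" if reasons else "autonomous"
    return Decision(a.event_id, mode, reasons)


def execute(a: Assessment, d: Decision, approved_by: Optional[str] = None) -> dict:
    """Steps 04-05: run via SOAR only when allowed, and always leave an audit record."""
    record = {
        "event_id": a.event_id,
        "action": a.proposed_action,
        "mode": d.mode,
        "reasons": list(d.reasons),
        "timestamp": datetime.now(timezone.utc).isoformat(),
    }
    if d.mode == "human_in_the_loop" and approved_by is None:
        record["status"] = "awaiting_validation"   # the agent pauses here
    else:
        record["status"] = "executed"
        record["approved_by"] = approved_by or "agent"
    return record


# Constructed sample assessments.
ROUTINE = Assessment("evt-1", "medium", "standard", "block_ip", 0.93)
CRITICAL = Assessment("evt-2", "critical", "mission_critical", "isolate_segment", 0.91)
UNSURE = Assessment("evt-3", "high", "standard", "quarantine_file", 0.55)

if __name__ == "__main__":
    for a in (ROUTINE, CRITICAL, UNSURE):
        d = decide(a)
        print(a.event_id, d.mode, d.reasons)
    print(execute(CRITICAL, decide(CRITICAL)))                            # awaiting_validation
    print(execute(CRITICAL, decide(CRITICAL), approved_by="analyst@example"))  # executed
```

Note that the record for a paused action carries the reasons for the pause, so an auditor can later see not only what ran but why the agent chose to wait.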

Your Security Operations Center

Intuitive dashboard with real-time visibility into metrics, incidents, and alerts across your infrastructure.

SOC AI Agent dashboard (app.dolutech.ai/dashboard) — real-time metrics and operational view

Real-Time Visibility

Security metrics updated instantly with interactive charts.

Incident Management

Triage, classify, and respond from a single pane.

24/7 Monitoring

Logs and events continuously processed by multi-agent AI.

Native SIEM power. Third-party freedom.

SOC AI Agent is a complete security data platform — native collection, storage, and correlation — while operating as an intelligent layer on top of Splunk, Wazuh, and enterprise SIEMs you already run.

Native SIEM

Collect, store, and correlate in one platform

Built-in SIEM capabilities mean you can centralize telemetry without assembling a separate stack first.

Collect

Multi-protocol ingestion from endpoints, cloud, network, apps, and APIs — agents, Syslog, webhooks, and connectors.

Store

Searchable log retention with configurable policies, audit trails, and evidence ready for compliance reviews.

Correlate

Cross-source correlation rules enriched by the AI orchestrator and eight specialist agents for context-aware incidents.

Your SIEM

Operate on the stack you already have

Forward events from your existing SIEM — SOC AI Agent analyzes, correlates with AI, and responds via SOAR without a rip-and-replace project.

Splunk HEC · Wazuh SIEM · CEF / ArcSight · Syslog · JSON API · Webhooks

One intelligence layer — any source

Whether logs land natively or arrive from a third-party SIEM, the same orchestrator, specialist agents, incidents, and SOAR playbooks power your operations.

No rip-and-replace

Start with your current SIEM and add AI-driven MDR, or deploy the full native stack — your choice.

Single pane of glass

Unified incidents, IOCs, and response actions regardless of where events originated.

Compliance-ready retention

Immutable audit trails and configurable retention for GDPR, RGPD, and LGPD from day one.

22 Integrated Modules

From log ingestion to automated response — all in one console.

Operations

Dashboard

Executive and operational real-time view.

Endpoints

Inventory and telemetry for Windows and Linux hosts.

Vulnerability Management

CVE discovery across endpoints with CVSS scoring, severity filters, and on-demand scans tied to your asset inventory.

Logs

Search, filters, and event correlation.

Incidents

Triage, severity, assignment, and resolution.

SOAR

Playbooks, executions, and response integrations.

AI Chat

Contextual assistant for your environment.

Manual Analysis

Analyst-guided investigation.

Blacklist System

View, add, and manage blocks for IPs, domains, and malicious actions with full audit trails.

UEBA ML

Behavioral analytics with machine learning to detect anomalies, insider threats, and baseline deviations.

Threat Intelligence

Threat Intelligence

Threat context enrichment.

Threat Map

Attack geolocation and origin.

IOC Feed

Real-time indicators.

TI History

Query and match history.

DolutechAI Threat Network

Proprietary collaborative network — share and receive community-validated IOCs with automatic enrichment.

TI Enrichment & Correction

Validates, corrects, and enriches indicators and threat context with continuous correlation against logs and incidents.

Administration

Connectors

Configurable ingestion and output sources.

Whitelist

Controlled exceptions to reduce false positives.

Team

Users, roles, and permissions.

Settings

Policies, retention, and preferences.

My Profile

Personal account and session preferences.

Multi-Factor Authentication

Secure MFA (TOTP) for analysts and administrators, with role-based policies and protected sessions.

Orchestrator + 8 Specialist Agents

Each log type is analyzed by the right specialist — maximum accuracy, minimal false positives.

Orchestrator Agent

Classifies the event, selects the specialist, aggregates conclusions, and proposes SOAR actions.

  • Network & Traffic
  • Authentication & Identity
  • Web & Applications
  • Cloud & SaaS
  • Endpoint & Host
  • Malware & Payloads
  • Exfiltration & C2
  • Compliance & Audit

Unified Triage and Response

Full queue with severity, status, assignment, and Investigate / Resolve actions.

  • Filters by endpoint, status, and severity
  • Critical, High, Medium badges and Open / Investigating / Resolved states
  • Export and per-analyst assignment

SOC AI Agent incidents management screen (app.dolutech.ai)

Configurable Playbooks

Automation with triggers, conditions, and automatic or manual approval mode.

  • Threat categories, minimum score, and severities
  • Automatic execution or manual approval required
  • Endpoint scope and chained actions

SOC AI Agent SOAR playbook configuration (app.dolutech.ai)
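The playbook configuration surface described above (threat categories, minimum score, severities, endpoint scope, automatic or manual-approval mode, chained actions) is easier to reason about as an evaluator. The following is an added example, not DolutechAI's code: the playbook fields, the two sample playbooks, the sample incidents, the action names and the 0-100 score scale are constructed assumptions. It shows all triggers being required together, the manual-approval mode parking a match instead of running it, and a chain of actions stopping at the first failed step.

```python
"""SOAR playbook evaluation: triggers, approval mode, chained actions.

Added example; not DolutechAI's code. Playbook fields, sample playbooks,
sample incidents, action names and the score scale are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Playbook:
    name: str
    categories: set            # trigger: threat categories
    min_score: int             # trigger: minimum threat score (assumed 0-100 scale)
    severities: set            # trigger: accepted severities
    mode: str                  # "automatic" | "manual_approval"
    actions: list              # chained actions, run in order
    endpoint_scope: Optional[set] = None   # None = any endpoint


@dataclass
class Incident:
    incident_id: str
    category: str
    score: int
    severity: str
    endpoint: str


def matches(pb: Playbook, inc: Incident) -> bool:
    """Every trigger condition must hold for the playbook to fire."""
    if inc.category not in pb.categories:
        return False
    if inc.score < pb.min_score:
        return False
    if inc.severity not in pb.severities:
        return False
    if pb.endpoint_scope is not None and inc.endpoint not in pb.endpoint_scope:
        return False
    return True


def run_chain(actions, inc: Incident, fail_on: frozenset = frozenset()) -> list:
    """Simulated SOAR executor: actions run in order and the chain stops at
    the first failure, so a later step never runs on a half-applied state.
    `fail_on` lets the caller simulate a failing action."""
    results = []
    for action in actions:
        ok = action not in fail_on
        results.append({"action": action, "endpoint": inc.endpoint, "ok": ok})
        if not ok:
            break
    return results


def plan_response(playbooks, inc: Incident, approved: bool = False) -> dict:
    """Pick the first matching playbook (list order as priority is an
    assumption) and either execute its chain or park it for approval."""
    for pb in playbooks:
        if not matches(pb, inc):
            continue
        if pb.mode == "manual_approval" and not approved:
            return {"incident_id": inc.incident_id, "playbook": pb.name,
                    "status": "pending_approval", "actions": list(pb.actions)}
        return {"incident_id": inc.incident_id, "playbook": pb.name,
                "status": "executed", "results": run_chain(pb.actions, inc)}
    return {"incident_id": inc.incident_id, "playbook": None,
            "status": "no_playbook_matched", "actions": []}


# Constructed sample playbooks: a narrow, invasive one that needs approval
# and a broad, low-impact one that runs automatically.
PLAYBOOKS = [
    Playbook("isolate-critical-server", {"malware", "c2"}, 80, {"critical"},
             "manual_approval", ["isolate_host", "collect_triage", "open_ticket"],
             endpoint_scope={"srv-db-01", "srv-app-01"}),
    Playbook("block-scanner", {"network", "web"}, 40, {"medium", "high", "critical"},
             "automatic", ["block_ip", "notify_channel"]),
]

# Constructed sample incidents.
INC_SCAN = Incident("inc-100", "network", 65, "high", "ws-042")
INC_C2 = Incident("inc-101", "c2", 92, "critical", "srv-db-01")
INC_LOW = Incident("inc-102", "network", 20, "low", "ws-042")

if __name__ == "__main__":
    for inc in (INC_SCAN, INC_C2, INC_LOW):
        print(plan_response(PLAYBOOKS, inc))
    print(plan_response(PLAYBOOKS, INC_C2, approved=True))
```

Ordering the playbook list from most specific to most general matters here: with first-match semantics, a broad automatic playbook placed first would pre-empt a narrower one that was meant to require approval.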

Vulnerability Management

Continuous exposure visibility with CVSS prioritization across your endpoint fleet.

  • CVE IDs, CVSS scores, and affected products per endpoint
  • Critical, High, Medium, and Low filters with open status tracking
  • On-demand Scan Now with escalation into incidents

SOC AI Agent vulnerability management dashboard (app.dolutech.ai)

Universal Ingestion and Ecosystem

Connect SIEM, endpoints, cloud, and applications without rebuilding your stack.

Event ingestion

JSON / REST API

Any structured event via API.

Wazuh SIEM

Wazuh SIEM / XDR integration.

Splunk HEC

HTTP Event Collector compatible.

CEF

ArcSight Common Event Format.

Syslog

RFC 5424 and RFC 3164.

Webhook

Generic HTTP endpoint.

WordPress

SOC Collector plugin and IP blocking.

Lovable SDK

Native SDK for Lovable apps — send events, errors, and security signals from your AI-built applications.

Replit SDK

Native SDK for Replit — stream logs, runtime events, and security telemetry from your apps and services.

Ecosystem

Cloudflare

Perimeter protection and CDN events.

Go Agents

Windows and Linux — native telemetry.

Real-Time IOCs

Feeds and continuous matches.

Connectors

Centralized management in the Connectors module.

Vercel

Deploy logs, function invocations, and edge events for real-time analysis and response.

Webhook API

Outbound events, alerts, and SOAR callbacks for real-time ecosystem integrations.

DolutechAI Threat Network

Collective intelligence across SOC AI instances — confirmed real threats only.

  • Shares IOCs with SOC hits and confirmed incidents
  • Does not share public feed data
  • Reduces detection time for emerging threats

GDPR, RGPD, and LGPD by Design

Data control, auditing, and evidence for regulators and data subjects.

Immutable audit trail

Every log, incident, and SOAR action recorded.

Minimization and retention

Configurable policies per source and type.

Data subject rights

Export and evidence for DSAR requests.

Residency and control

Data under customer and regional control.

Processing records

Documented incidents and playbooks.

Breach notification

Reports for GDPR Art. 33 and LGPD equivalents.

Clarity for security operators

Every alert arrives with context — source, severity and a suggested next step. Full history stays available for your team and auditors.

  1. Unified visibility

    Active alerts, monitored endpoints and threat intelligence in a single operational view.

  2. Context-driven prioritization

    The work queue reflects severity and event correlation, so analysts focus on what matters first.

  3. Documented response

    Playbooks, manual approvals and containment actions stay linked to each incident with a full audit trail.

  4. Audit-ready

    Searchable incident timelines ready for internal review or compliance requests.

End-to-End Intelligent Security

Multi-Agent AI

Orchestrator and 8 specialists analyze every log with event-type context.

SOAR & Playbooks

Automatic or approval-based response — isolate, block, and quarantine in seconds.

GDPR · RGPD · LGPD

Immutable audit, configurable retention, and evidence for subjects and regulators.

Threat Network

Selective sharing of confirmed IOCs across SOC AI community instances.

Real-Time IOCs

Feeds, TI history, and continuous incident enrichment.

Universal Ingestion

JSON/REST, Wazuh, Splunk HEC, CEF, Syslog, Webhook, WordPress, Cloudflare, and Go agents.

From Detection to Response in Seconds

01

Data Collection

Ingest via API, Syslog, SIEM, webhooks, WordPress plugin, Cloudflare, and Go agents.

02

AI Orchestration

The orchestrator routes each event to the right specialist among 8 agents by log type.

03

Scoring & IOCs

Dynamic severity, TI enrichment, and real-time feed matching.

04

SOAR & Playbooks

Playbooks run automatic containment or wait for manual approval.

05

Audit & Compliance

Reports, exports, and trails for GDPR, RGPD, and LGPD.

Three-Layer Intelligence Architecture

Collection

Multi-protocol ingestion and endpoint agents.

JSON/REST · Wazuh · Splunk HEC · CEF · Syslog · Webhook · WordPress · Go Agents

AI Engine

LLM orchestrator + 8 specialists by log domain.

Orchestrator · 8 Specialists · Real-Time IOC · Threat Network

Response

SOAR, Cloudflare, blocking, and notifications.

SOAR Playbooks · Cloudflare · Auto/Manual · Compliance Logs

Everything You Need to Know

How do the orchestrator and 8 specialist agents work?

The orchestrator classifies each event by log type and context, delegates to one of eight specialists, and consolidates analysis before creating or updating an incident.

Which log sources and formats are supported?

JSON/REST API, Wazuh SIEM/XDR, Splunk HEC, CEF (ArcSight), Syslog (RFC 5424/3164), webhooks, WordPress SOC Collector plugin, Cloudflare, Go agents for Windows/Linux, and custom connectors.

What are SOAR playbooks and which modes exist?

Playbooks define triggers (category, score, severity), conditions, and actions. Run fully automatic or require manual approval before remediation.

What is the DolutechAI Threat Network?

A proprietary network sharing only real threats — IOCs with SOC hits and confirmed incidents. Public feed data is not shared.

How does SOC AI Agent support GDPR, RGPD, and LGPD?

Immutable audit trails, retention policies, exports for data subjects, and breach notification reporting (e.g. GDPR Art. 33).

How do real-time IOCs work?

Indicators are correlated with logs and incidents. IOC Feed and TI History show matches; Threat Network reinforces community-validated IOCs.

Are there endpoint agents and a WordPress plugin?

Yes. Go agents for Windows and Linux, plus the WordPress SOC Collector plugin with IP blocking.

How does Cloudflare integration work?

Perimeter and CDN events correlate web attacks with internal incidents and can trigger blocking playbooks.

What is the response time and how are false positives reduced?

Automatic playbooks can respond in under one second. Specialist-per-log-type analysis drastically reduces false positives in tuned environments.

Can I keep my existing SIEM?

Yes. Send events via Syslog, CEF, Splunk HEC, JSON API, or Wazuh. SOC AI Agent correlates, analyzes with AI, and responds via SOAR without replacing your SIEM.

Is the platform customizable?

Yes. Configure thresholds, playbooks, whitelist, connectors, retention, and auto/manual modes per environment.

What is DolutechAI's MDR service?

MDR (Managed Detection and Response) is the managed service we deliver with SOC AI Agent. We monitor your environment 24/7, detect threats, and respond autonomously — no internal SOC team required.

What is human-in-the-loop in SOC AI Agent?

Human-in-the-loop is the mechanism by which the autonomous agent, upon identifying a critical context or sensitive action, automatically escalates to a human analyst to validate the decision before execution. It ensures day-to-day autonomy and reinforced safety when risk demands it.

When does the autonomous agent escalate to a human analyst?

The agent escalates when severity, critical environment, potential action impact, or analysis confidence indicate that human validation improves safety — for example, critical incidents, sensitive assets, or invasive remediation. Human analyst availability depends on your chosen plan.

Do plans include human analysts for human-in-the-loop?

The agent operates autonomously on all plans. Some plans include human analysts who participate in the human-in-the-loop flow when the agent escalates. Availability depends on your plan — contact us to find the right fit for your environment.

Stop Paying for Layers. Start Paying for Outcomes.

Traditional stacks charge for software — then for the MSSP that operates it, and again for analysts who triage alerts. SOC AI Agent is an autopilot: one platform that detects, investigates, and responds 24/7. No MSSP middleman. No seven-figure SOC team.

Traditional SOC stack

  • Multiple vendors: SIEM, EDR, ticketing, and threat feeds — each with its own contract
  • MSSP retainer on top of tool licenses — you pay for the layer that operates the tools
  • Alert fatigue passed back to your IT team for triage and escalation
  • Slow onboarding across disconnected tools and handoffs
  • Unpredictable total cost of ownership that grows with every new source

DolutechAI SOC AI Agent

  • Native SIEM, 8 AI specialist agents, and SOAR in one integrated stack
  • MDR included — we run monitoring, analysis, and response for you
  • Autonomous response in under one second — no analyst queue for routine threats
  • Vendor swap, not internal reorg — replace MSSP + fragmented tools cleanly
  • From €299/month for 10 devices — larger or smaller volumes, contact us

6:1 Typical services-to-software spend ratio in security operations
1 Middleman layer eliminated — no separate MSSP retainer
From €299/month 10 devices — larger or smaller volumes, contact us

Figures are illustrative of industry patterns. Final pricing depends on log volume, sources, and plan. Contact us for a tailored proposal.

Ready to Transform Your Security Operations?

Deploy SOC AI Agent in minutes. Multi-agent AI, SOAR, and compliance built in.

Request a Demo

No credit card required · Full access · Dedicated support

Non-profit organization? Learn about our free licensing program →