MDR · Threat Detection

Ingest any log.
Alert on what matters.

Security signals are buried in your logs across servers, containers, firewalls, and cloud services. Tacosec ingests logs from any source, applies detection rulesets, and fires an alert when something looks wrong. Any device. Any log format.


Log Sources

If it produces logs, we can ingest it.

Syslog, JSON streams, flat files, or cloud log APIs: any format, any device.

Linux syslog / auditd
Windows Event Log
Kubernetes audit logs
Nginx / Apache access logs
AWS CloudTrail
GCP Cloud Logging
Azure Monitor Logs
Firewall & router logs
VPN & authentication logs
Docker daemon logs
Custom application logs
Syslog (any device)

Example Rules

What the ruleset catches

HIGH - Brute force login attempt: 50+ failed auth events within 60s from same IP
CRITICAL - Privilege escalation: sudo / su used outside business hours by non-admin user
MEDIUM - Unusual outbound connection: new external IP contacted on non-standard port
HIGH - Service stopped unexpectedly: auditd, firewalld, or sshd service killed without change ticket
HIGH - Large data export: outbound transfer > 500MB from database host

Live Alert Feed

What an alert looks like

Tacosec MDR - Alert Feed

! HIGH ALERT Rule: brute-force-ssh Host: prod-db-01

09:14:22 67 failed SSH attempts from 185.220.101.4 in 45s

09:14:31 Attempt continues, now 94 failures

Source: /var/log/auth.log · Rule matched: threshold > 50 in 60s

! CRITICAL ALERT Rule: sudo-outside-hours Host: staging-api-02

02:33:07 user 'deploy' ran sudo su, not in approved ops window

Source: /var/log/secure · no active change ticket found

2 active alerts · last ingestion: 3s ago · 14,821 events/min
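The two rules shown in the Example Rules list and in the alert feed above (a per-IP failed-login threshold inside a 60s window, and sudo by a non-admin user outside business hours) are simple enough to run over raw auth.log lines directly. The following is an added example and not Tacosec's own code; it assumes standard sshd "Failed password" and sudo log line layouts, a fixed year for the year-less syslog timestamps, an 08:00 to 18:00 ops window, a one-name admin list, and a constructed set of log lines that reproduces the burst from the feed above (67 failures from 185.220.101.4 in 45s). The change-ticket lookup the feed mentions is out of scope here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, time, timedelta

# Assumption: syslog lines carry no year, so one is fixed for parsing.
YEAR = 2024

# sshd "Failed password" and sudo command lines in the usual auth.log layout.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sudo: +(?P<user>\S+) : "
    r".*COMMAND=(?P<cmd>.+)$"
)

def _ts(s):
    return datetime.strptime(f"{YEAR} {s}", "%Y %b %d %H:%M:%S")

def parse_line(line):
    """Turn one auth.log line into an event dict, or None if no rule cares about it."""
    m = FAILED_RE.match(line)
    if m:
        return {"type": "ssh_failed", "ts": _ts(m["ts"]), "host": m["host"],
                "user": m["user"], "ip": m["ip"], "raw": line}
    m = SUDO_RE.match(line)
    if m:
        return {"type": "sudo", "ts": _ts(m["ts"]), "host": m["host"],
                "user": m["user"], "cmd": m["cmd"], "raw": line}
    return None

def detect_brute_force(events, threshold=50, window_s=60):
    """Sliding window of failed SSH logins per source IP (events must be time-ordered).
    One HIGH alert per IP the first time the in-window count reaches the threshold."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ev in events:
        if ev["type"] != "ssh_failed":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > timedelta(seconds=window_s):  # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({"severity": "HIGH", "rule": "brute-force-ssh", "host": ev["host"],
                           "ip": ev["ip"], "count": len(q),
                           "span_s": int((ev["ts"] - q[0]).total_seconds()),
                           "ts": ev["ts"], "evidence": [ev["raw"]]})
    return alerts

# Assumptions: business hours 08:00-18:00 local, and a fixed admin allow-list.
OPS_WINDOW = (time(8, 0), time(18, 0))
ADMIN_USERS = frozenset({"alice"})

def detect_sudo_outside_hours(events, window=OPS_WINDOW, admins=ADMIN_USERS):
    """CRITICAL alert when a user outside the admin list runs sudo outside the ops window."""
    alerts = []
    for ev in events:
        if ev["type"] != "sudo":
            continue
        t = ev["ts"].time()
        if not (window[0] <= t < window[1]) and ev["user"] not in admins:
            alerts.append({"severity": "CRITICAL", "rule": "sudo-outside-hours", "host": ev["host"],
                           "user": ev["user"], "cmd": ev["cmd"], "ts": ev["ts"],
                           "evidence": [ev["raw"]]})
    return alerts

def run_rules(lines):
    """Parse, time-order, and run both rules; alerts come back in time order."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    return sorted(detect_brute_force(events) + detect_sudo_outside_hours(events),
                  key=lambda a: a["ts"])

def sample_lines():
    """Constructed auth.log lines (not real data): 67 SSH failures in 45s from one IP,
    three scattered failures from an internal host, and four sudo events."""
    start = datetime(YEAR, 3, 14, 9, 13, 37)
    lines = []
    for i in range(67):
        ts = start + timedelta(seconds=i * 45 // 66)
        lines.append(f"{ts:%b %d %H:%M:%S} prod-db-01 sshd[1042]: Failed password for root "
                     f"from 185.220.101.4 port {40000 + i} ssh2")
    for minute in (0, 5, 10):
        ts = datetime(YEAR, 3, 14, 9, minute, 0)
        lines.append(f"{ts:%b %d %H:%M:%S} prod-db-01 sshd[1043]: Failed password for bob "
                     f"from 10.0.0.5 port 52000 ssh2")
    lines += [
        "Mar 14 02:33:07 staging-api-02 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/su",
        "Mar 14 10:15:00 staging-api-02 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
        "Mar 14 23:10:00 staging-api-02 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/journalctl -u sshd",
        "Mar 14 12:00:00 staging-api-02 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt update",
    ]
    return lines

if __name__ == "__main__":
    for a in run_rules(sample_lines()):
        print(f"! {a['severity']} ALERT Rule: {a['rule']} Host: {a['host']} at {a['ts']:%H:%M:%S}")
```

Running the block prints one CRITICAL alert for the 02:33 sudo by deploy and one HIGH alert for 185.220.101.4, raised at the 50th failure rather than after the burst ends; the three failures from 10.0.0.5 spread over ten minutes never reach the threshold, and alice's late sudo is suppressed by the admin list. The deque per IP is what keeps the window check cheap on a stream of thousands of events per minute.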

Platform

From logs to alerts. Automatically.

Ingest logs from anything

Syslog, JSON, flat files, or cloud log APIs: Tacosec ingests log streams from any source. Linux servers, Windows hosts, Kubernetes, firewalls, VPNs, or your own application.

Detection rulesets

Apply curated detection rules or write your own. Rules match patterns, thresholds, and correlations across your log data โ€” turning raw events into meaningful security signals.

Actionable alerts with context

When a rule fires, Tacosec sends an alert with full context: which host, which rule, the raw log lines that triggered it, and suggested next steps. Not just a raw event ID.

Near-real-time detection

Log events are evaluated against rulesets as they arrive. Suspicious activity surfaces in minutes, not after an overnight batch job processes your logs.

What You Get

Visibility across every log source.

Log ingestion from any device or log format
Curated detection ruleset covering common attack patterns
Custom rule support: write rules for your environment
Multi-source correlation: rules that span multiple log types
Alert routing to Slack, Teams, email, or webhook
Log retention and search for historical investigation
Per-host and per-service alert grouping
Tuning tools to reduce false positives over time

Start seeing what's happening in your logs.

Connect your first log source and see alerts in minutes.
