Built by SecOps veterans who knew Wazuh's power cold and wanted to take it even further. So we built the magic layer we always wished we could buy: a clan of Guardians wrapped around the proven engine - eyes, a brain, reflexes, and a memory, all working as one.
The founding team came from years of SOC work - pagers, runbooks, war rooms, post-mortems, the works. We knew the firehose by heart.
Detection was rarely the problem. Wazuh already finds the threats, and finds them well. The work was everything around it: deep alerts nobody had time to decode, a public surface nobody was watching, backups nobody had tested, and credentials scattered across a dozen places. Wazuh is a powerful engine, and we set out to build the cockpit around it.
So we built the cockpit. We started Suriq to build that magic layer once, properly, so the next team would never have to stitch it together by hand at 3am again.
Wazuh is the engine - the rules and decoders, file integrity monitoring, vulnerability detection, CIS and SCA scoring, MITRE tags, and the agent. We did not try to rebuild a thing. We stand on it, run it for you, and put it on steroids.
The magic splits into four powerful roles. Jack is the brain: a Claude-powered interpreter that turns deep, technical detections into plain-English answers and suggests the fix - advisory only. Argus is the eyes outside your perimeter, watching BGP and RPKI, DNS, WHOIS, and certificates. Vexa is the memory that retains and searches every event. Orin is the reflexes: manual response actions your team takes, plus automatic DNS failover the instant a host drops.
Built on the proven power of Wazuh, supercharged by years of real-world operational engineering.
We describe what the product does today, not what a roadmap promises. If something is coming, we call it coming. It is why every bold claim we make is one we can prove on a live demo - and the rule we hold every page on this site to.
Response actions are taken by your team, within the policy you set, and every move is logged and attributable. The one thing that runs on its own is DNS failover the instant a host drops - and it is genuinely impressive.
The bar is simple: when something fires at 3am, can your team understand it fast and act with confidence? Everything we ship is measured against it, and nothing ships that fails it.
Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security, all on a managed Wazuh core. The engine you trust, with eyes, a brain, reflexes, and a memory wrapped around it.
SURIQ