Operations Suite · 04 / Detection

A Guardian on every server, watching for the breach.

Guardians are the Wazuh-powered sensors Suriq runs on your hosts. Each one detects intrusions, file tampering, and known vulnerabilities, scores the host against CIS benchmarks, and tags every finding to MITRE ATT&CK. Deploy one with a single command - it works out on its own what the host runs.

Built on: Wazuh
Every finding: MITRE ATT&CK tagged
Auto-detects: 32+ profiles, growing
Backend: Provisioned for you

Detection that ships ready, on every box you run.

01

One command, and a host is watched

Run a single install command and a lightweight agent comes online. No tuning session, no rule-writing on day one - it starts watching right away.

02

It learns what each host runs

A Guardian fingerprints the box by its packages, ports, and processes - cPanel, Nginx, MySQL, Docker, Postfix, and dozens more - and applies the detection rules that actually matter for that role.

03

Know your CVE exposure in seconds

Every host is checked against known vulnerabilities. When a CVE lands, you see exactly which servers are affected - not a guess, a list. Accept the risks you choose to live with and track the rest.

04

Catch tampering and intrusion

File integrity monitoring flags changed files; detection rules catch the attack patterns. Every alert is tagged to its MITRE ATT&CK tactic and technique and rolls up into an incident you can work.

05

Score every host against CIS

Configuration scans grade each host against CIS benchmarks and show exactly where it drifts - so hardening becomes a checklist, not a mystery.

06

A full inventory of every box

Running processes, open ports, installed packages - per host, kept current. You finally know what you actually run.

It recognizes what runs on the host. Automatically.

A Guardian detects the services on a host by their packages, ports, and processes, then maps the right detection rules to each one. Dozens of service profiles spanning panels, web servers, databases, containers, mail, DNS, runtimes, proxies, queues, VPNs, monitoring, backup, and host security.

cPanel
Plesk
DirectAdmin
CyberPanel
Apache
Nginx
LiteSpeed
MySQL
PostgreSQL
MongoDB
Redis
MSSQL
Docker
Podman
Postfix
Exim
Dovecot
BIND
PowerDNS
Node.js
PHP-FPM
HAProxy
RabbitMQ
Grafana
and growing

A growing library of profiles - WireGuard, Kafka, Varnish, Java, Python, and host-security modules like CSF, Imunify, and JetBackup are already in the list, and it keeps expanding.

Raw logs in. A worked incident out.

01

Collected

The agent ships logs, file changes, and inventory from the host to your Wazuh backend.

02

Matched

Rules and decoders parse every event. Suriq's own rule packs ride on top of the Wazuh ruleset, scoped to what the host actually runs.

03

Tagged and ranked

Matches are tagged to MITRE ATT&CK and ranked by severity. Noisy rules can be suppressed, and the AI can suggest tuning - you decide whether to apply it.

04

Raised and routed

Real findings become incidents with a status to work, and the alert goes to your channel - Slack, email, PagerDuty, wherever your team is.

We stand up the Wazuh backend for you.

No Wazuh to install or babysit. Pick a cloud and a region, and Suriq provisions a dedicated backend in your own account - it spins up the server, installs Wazuh, and verifies it - then keeps watch on its health.

Hetzner: Available
Contabo: Available
AWS: Coming soon
DigitalOcean: Coming soon
Azure: Coming soon
Google Cloud: Coming soon

You choose the provider and the region. Suriq handles the rest, from first boot to a verified, running backend.

See what is actually happening on your servers.

Guardians ship with Suriq. Deploy your first sensor with one command and watch the findings land.