The Platform

The engine is Wazuh. The magic is ours.

Wazuh is a powerful detection engine that catches what matters in deep, technical detail - more than most teams have time to read alert by alert. Suriq is the magic wrapped around it: a clan of Guardians with eyes outside your perimeter, a brain on every alert, reflexes when infrastructure breaks, and a memory that never forgets. The proven engine, run the way a busy team needs it.

We took Wazuh. We put it on steroids.

Detection is a solved problem, and Wazuh solves it brilliantly. Its rules and decoders, file integrity monitoring, vulnerability detection, CIS and SCA policy scoring, MITRE ATT&CK tagging, and lightweight agent are trusted by thousands of teams worldwide. We do not rebuild that. We stand on it.

But running any detection engine at full power takes real operational muscle: tuning the signal, scaling the stack, and watching the external surface that lives outside its scope. So we run the engine for you and wrap it in the operational layer that turns powerful detection into something a team can run a business on day to day.

The magic we wrap around it.

A clean multi-tenant console and a Wazuh core we deploy and run for you. An alert-to-incident workflow with dedup and a full audit trail. An AI interpreter that translates deep, technical detections into plain English and suggests the fix. Eyes posted outside your perimeter - BGP and RPKI, DNS, WHOIS, certificates - that most Wazuh installs simply do not have. Active monitoring with automatic DNS failover. CloudSnap multi-cloud backup. And a Secrets Vault that keeps credentials out of the database, the logs, and the backups. That is the magic.

Eyes. Brain. Reflexes. Memory.

01 · The Brain

Jack

The Interpreter, Claude-powered. He takes a dense Wazuh detection and hands you a plain-English answer - what fired, why it matters, and how to tune the noise down. A brilliant analyst on every alert. He advises; your team decides.

Advisory only

02 · The Eyes

Argus

Posted at the edge of the world, he never blinks. He watches your public surface from the outside - BGP routes validated against RPKI, DNS and WHOIS drift, certificate expiry - and catches the hijack the moment it happens. Most Wazuh installs have none of this.

Global vantage points

03 · The Memory

Vexa

She forgets nothing. Every Wazuh detection flows into one place, retained and indexed for a window you choose. Search and filter by host or rule, pull the exact log lines as evidence, and see the MITRE technique on each event. Audit-ready when someone asks.

Retained & searchable

04 · The Reflexes

Orin

He keeps you standing. The instant a monitored host drops, he fails your DNS over to standby on his own - and reverts the second it recovers. When you step in, he is the safe path: restart a Wazuh agent, suppress a noisy rule, snapshot a server before a risky change. Every move logged and attributable.

Manual + automated failover

Built to be trusted.

01

Agentless where it can be

External monitoring and cloud snapshots install nothing - Suriq probes from the outside and talks to provider APIs. For deep endpoint security, a lightweight agent runs on each host.

02

Managed Wazuh core

We run the Wazuh detection engine for you - deployment, upgrades, rule and decoder upkeep - so your team works from the console and never babysits the stack underneath it again.

03

Policy boundary

You define what Suriq may do, and actions run within that boundary. Automated provider calls run against per-provider endpoint allowlists, and every action is recorded.

04

Human-in-the-loop

Response actions are taken by your team, not on their own. For sensitive changes you can require an explicit approval step. The one exception is DNS failover, which runs automatically when a monitored host drops.

05

Audit trail

Every action and actor is recorded in the audit log. Replay an incident from the recorded timeline - who did what, when, and on whose behalf.

06

Open integrations

Alerting where your team already is - Slack, PagerDuty, email, Discord, Telegram, and more, with Splunk as an alert output. Multi-cloud snapshots, and DNS providers for automatic failover.

Detection alone is not a living platform.

A great engine still leaves a team with deep, technical alerts and dense rule IDs to read, and no clean way to watch the surface attackers actually see. That is the gap most teams fill by hand, at 3am. We turned that gap into a clan.

Suriq splits the work into four powerful roles on top of Wazuh. Jack is the brain that explains. Argus is the eyes outside. Vexa is the memory that retains and searches. Orin is the reflexes that respond and recover. Each role has a job you can see and verify.

Bold where it counts, honest everywhere.

The brain advises but never acts on its own. The eyes watch but never touch your stack. Response actions are taken deliberately by your team, with a single automatic exception - and it is a good one: DNS failover the instant a host goes down.

Every handoff is logged and attributable, so you can show your team - and your auditors - exactly what happened, when, and on whose behalf. We describe what the product does today, not what a roadmap promises. The bold claims on this page are all real.

Stop running Wazuh alone. Let the Guardians run it.

Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security, all on a managed Wazuh core. The engine you trust, with eyes, a brain, reflexes, and a memory wrapped around it.