Endpoint Detection & Response
Lightweight agent for Windows, macOS and Linux. Behavioral chains, real-time isolation, kill and quarantine from the console. Process, file, network and registry telemetry.
Every Protoxol module shares the same data model, query language and console. Start with one. Activate ten. No glue code between them — each module makes every other module sharper.
Protocol-aware inspection across north-south and east-west traffic. Beaconing, anomaly and lateral-movement detection — auto-correlated with endpoint events.
Central event store with fast KQL-style queries, saved hunts, investigation timelines and pivot-from-any-alert into the raw record. Designed for the analyst's keyboard.
IOC and reputation feeds. Actor and campaign context auto-enriches alerts across every module. Custom intel sources via REST and MISP.
Inbound analysis, URL and attachment sandboxing. Phishing, BEC and weaponized payloads — caught before the user clicks. Microsoft 365 and Google Workspace native.
Asset-level discovery and exposure-aware prioritization. Focus on what's exploitable today on internet-facing or privileged assets — not on a 50-page report.
Software and hardware ground truth — reconciled across cloud, on-prem and identity providers. Every alert in Protoxol resolves to a known asset with an owner.
Stolen secrets, leaked tokens, weak rotation policies. Continuous monitoring of paste sites, breach corpora and your own repos. Alerts before credentials are abused.
Supervised playbooks. Every action traceable, reversible and explained in plain language. Approvals enforced — no surprise containment on production assets.
Executive and operational reports built from the same data you investigate against. Custom dashboards via SQL. Scheduled exports to PDF, CSV and your BI of choice.
Start with one. Add the rest at your pace. Same console, same playbooks, same query surface.