Security Operations

The Security module (license-gated) centralizes SOC workflows: real-time alerts, investigation tools, MITRE heatmaps, playbooks, and compliance tracking.

Module availability

Requires module.security on the tenant license.

Main areas

Route	Purpose
/security	Overview metrics
/security/alerts	Alert inbox (live updates)
/security/investigate	Tooling workspace
/security/scanners	Scanner configuration
/security/compliance	Framework posture
/security/threat-intel	Indicators and feeds
/security/playbooks	Response playbooks

Alerts may arrive via edge ingest, webhooks (Defender, Wazuh, CrowdStrike), or manual creation.

Permissions

security.read plus fine-grained security.tool.* for ping, nmap, ssh, etc.

See also

• Security Alerts
• Investigation
• Vulnerability management
• Compliance