Have us run it for you.
WedgeX deployed and operated by our Australian SOC team. We triage, escalate and report. You set the scope and the verdict thresholds.
- 09:42:11agentTRIAGE_COMPLETEDsplunk-55320 · phishing · low risk
- 09:42:08wedgex.socALERT_CLOSEDsplunk-55320
- 09:42:05agentTRIAGE_COMPLETEDsentinel-30184 · sign-in anomaly
- 09:42:02wedgex.socVERDICT_RECORDEDescalated · sentinel-30184
- 09:41:59agentTRIAGE_COMPLETEDcrowdstrike-12044 · vpn brute force
A snapshot of the work, with our team in the seat.
What it looks like with us in the seat.
A composite of an ordinary 24-hour stretch. The hours change, the rhythm does not.
Quiet morning
A phishing-style lure hits the email gateway. The agent investigates end to end and returns a low-risk verdict with the full trace. The WedgeX analyst reviews the evidence and closes the case. Your team focuses on the project work it should be focused on.
Unusual sign-in
A finance account signs in from an unfamiliar country. The agent investigates: the token is fresh, the MFA prompt was accepted, the device is unknown. It returns a verdict with the full evidence. The WedgeX analyst reviews and escalates to your IT lead with verified context and a recommended action.
Brute force against the VPN
A burst against the VPN gateway. The agent investigates, correlates with related activity, and recommends containing the source IP. The WedgeX on-call analyst is paged, approves the containment, and posts a summary to your incident channel. Your team wakes up to a resolved alert with the full trace.
Handover brief
The WedgeX daily handover lands in your inbox. Three cases reviewed and closed, one escalation pending your review, one suppression rule proposed for sign-off. You start the day with five minutes of context, not a backlog.
The operational work, off your plate.
Six things our analysts do for you every day so your team can get on with what only your team can do.
-
24/7 monitoring
Every alert in the WedgeX queue, watched in real time, day or night.
-
Recommendation review
The agent's verdict gets a WedgeX analyst before your team sees it.
-
In-scope approvals
Response actions within the scope you have pre-set, approved on your behalf.
-
Out-of-scope escalation
Anything beyond scope is handed to your team with verified context and a recommendation.
-
Environment tuning
Suppression rules and verdict thresholds, tuned to what your environment treats as normal.
-
Reporting and review
Weekly and monthly briefs with patterns, trends and recommended changes.
Where we stop. Where you start.
A managed service only works if the boundary is clear. We agree it up front and write it down.
- Continuous monitoring of every WedgeX investigation
- Approving in-scope response actions
- First-line response coordination
- Agent tuning, suppression rules and verdict thresholds
- Reporting and reviews
- The scope of actions we are allowed to take
- Verdict thresholds and severity definitions
- When to declare an incident
- Strategic security direction
- Vendor and platform choices
Hand it to our SOC team.
Managed SOC fits teams who want the outcome of a SOC without running one. If you would rather operate the platform yourself, see the AI SOC Platform. For a safety net when the worst day arrives, see the Incident Response Retainer.