Products

Defense platform assisted by AI

Four integrated products covering the chain from threat intelligence to AI-assisted SOC operations and attack surface management.

01 / AI-SOC

PurpleHat AI-SOC

Central security operations platform powered by the proprietary Neuro-Engine. Correlates events from multiple sources, automates N1 and N2 triage, and escalates only alerts requiring strategic human decision-making.

  • Automated N1 alert triage with calibrated models
  • Significant reduction of false positives in pilots
  • Native SOAR with customizable playbooks
  • Multi-cloud and on-premise integration
  • Reduced MTTR through approved playbook containment

Automation tiers

N1 — Automated enrichment: High coverage
N2 — Assisted triage: AI + analyst
N3 — Senior analyst: Complex investigations

Reference distribution. Varies by volume, alert types and integrations in the environment.

Specialized forums

RAMP, BreachForums, XSS and hundreds of PT-BR and RU forums continuously monitored.

Dark web marketplaces

Credential markets, financial data and corporate access tracked in real time.

Telegram channels

Brazilian Telegram groups and channels distributing logs and stolen data.

Paste-sites and leak sites

Monitoring of Pastebin, ransomware group leak sites and data dump sites.

02 / DEEP WEB MONITOR

Deep Web Monitor

Visibility where attacks begin. Proprietary crawlers index forums, marketplaces and infostealer networks to detect exposed corporate data before it is weaponized as an attack vector.

Native PT-BR coverage

We monitor the criminal ecosystem in Portuguese — including Brazilian Telegram channels and forums that international platforms do not cover.

03 / EASM

External Attack Surface Management

Continuous mapping of your external exposure. We discover assets your IT team doesn't know about — forgotten subdomains, open ports, expired certificates and misconfigurations that attackers exploit as entry points.

  • Automatic discovery of domains and subdomains
  • Identification of exposed ports and services
  • TLS/SSL certificate monitoring
  • Shadow IT and unmanaged asset detection
  • Critical supplier exposure mapping

Typical discovered attack surface

Unlisted subdomains: 47
Unauthorized open ports: 12
Certificates nearing expiry: 8
Services with critical CVEs: 3

* Average from initial EASM assessments in financial and manufacturing sector clients.

Real-time IOC feeds

Continuously updated compromise indicators (IPs, domains, hashes) integrable with your SIEM.

Threat actor profiles

Detailed reports on ransomware groups, APTs and regional actors active in Brazil.

REST API and native integrations

Connect intelligence feeds directly to Splunk, Microsoft Sentinel, IBM QRadar and SOAR platforms.

Guided Threat Hunting

Tactical reports with hunting hypotheses based on MITRE ATT&CK TTPs.

04 / THREAT INTEL LAB

Threat Intelligence Lab

Actionable intelligence, not just data. Our analyst team transforms signals collected from the dark web and OSINT sources into tactical, strategic and operational reports that inform security decisions before the incident.

Native integrations

Splunk, Microsoft Sentinel, IBM QRadar, CrowdStrike, SentinelOne, Palo Alto XSOAR, ServiceNow, REST API

Request a technical demonstration

Our engineers show the platform in your environment, with real data from your domain. No generic slides.
