Enterprise-grade security monitoring with AI-powered threat detection, 52 detection rules, and tamper-evident blockchain log anchoring. Installs in 60 seconds.
curl -sSL https://threatchain.io/install | sudo bash
curl -sSL https://threatchain.io/install-agent | sudo bash -s -- --server https://YOUR_SIEM_IP:8403 --token YOUR_TOKEN
Both commands run a remote script as root. Save the script to a file and read it before running it with sudo. Replace YOUR_SIEM_IP with the server's address and YOUR_TOKEN with the enrollment token printed by the server installer.
Claude, GPT, Ollama, or any OpenAI-compatible LLM. Triage alerts, hunt threats, analyze events in natural language.
Sigma-compatible YAML rules. SSH brute force, privilege escalation, lateral movement, data exfiltration, and more.
Scans files against 9M+ known malware hashes, batch processing at 1,591 files/sec, with no signature updates needed. Hash matching catches known samples only: a repacked or recompiled variant has a different hash and is not matched.
Checks installed packages against 27K+ CVEs. Auto-generates remediation commands for your package manager.
A Merkle root of all log hashes is anchored on Arbitrum every 5 minutes. Tamper-evident: any later change to an anchored log alters its hash and fails verification against the on-chain root. Auditor-verifiable.
EC P-256 certificates. Private CA generated at install. Agent private keys never leave the host; the server sees only the public half when it signs the agent's certificate. Every agent connection is mutually authenticated (mTLS) against that CA.
50 DISA STIG checks (15 CAT I, 20 CAT II, 15 CAT III). Reads actual system configs. Real compliance, not checkboxes.
SHA-256 baselines of critical files. Alerts on any change. Catches backdoors, config tampering, unauthorized modifications. Take the baseline on a known-good host: a file that is already backdoored when the baseline is recorded is treated as normal.
Isolate teams, agents, and data. RBAC with 5 roles and 47 permissions. SSO/LDAP/SAML 2.0 authentication.
| Feature | ThreatChain | Splunk | Elastic SIEM |
|---|---|---|---|
| Price | Free | $2K+/mo | $1K+/mo |
| Install time | 60 seconds | Days-weeks | Hours-days |
| AI Analyst | Built-in | Add-on ($$$) | Limited |
| AV Scanner | 9M+ hashes | No | No |
| Vuln Scanner | 27K+ CVEs | No | Limited |
| Log Integrity | On-chain proof | Trust the server | Trust the server |
| Open Source | MIT License | No | Partial |
| Agent Auth | mTLS (EC P-256) | Token-based | Token-based |
One command. Generates your private CA, creates TLS certificates, sets up the database, starts the dashboard on port 8403. You get admin credentials and an enrollment token.
Run the agent installer on each server. It generates a key pair, enrolls with the server using the one-time token, receives a certificate signed by the private CA, and starts monitoring. All agent-to-server traffic is mutually authenticated and encrypted (mTLS).
Agents collect syslog, watch files, monitor processes, scan for vulnerabilities and malware, and check STIG compliance. The server correlates events, fires detection rules, and the AI triages alerts.
Every 5 minutes, a Merkle root of all log hashes is anchored on Arbitrum. Anyone (auditors, regulators, incident responders) can independently verify that a given log record was included in the batch anchored at that time, given the record and its Merkle inclusion proof. The anchor makes later tampering detectable, not impossible: a record altered or dropped before its batch was anchored leaves no trace on-chain.
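What "auditor-verifiable" means in practice for the anchoring described in the feature list and in the step above, as an added example in Go (this is not ThreatChain's code; standard library only). The log lines are constructed, the padding rule for an odd number of leaves (repeat the last node) is an assumption the page does not state, and the Arbitrum transaction itself is out of scope: the block produces the 32-byte root that would be anchored, the inclusion proof an auditor needs for one record, and the auditor-side check that recomputes the root from the record and the proof alone.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample batch: the log lines collected in one five-minute window.
var sampleLogs = []string{
	"2024-01-01T00:00:01Z host1 sshd[812]: Failed password for root from 203.0.113.5 port 51022 ssh2",
	"2024-01-01T00:00:02Z host1 sshd[812]: Failed password for root from 203.0.113.5 port 51023 ssh2",
	"2024-01-01T00:00:09Z host2 sudo: alice : TTY=pts/0 ; COMMAND=/bin/bash",
	"2024-01-01T00:01:14Z host3 kernel: audit: type=1400 apparmor=\"DENIED\" operation=\"open\"",
	"2024-01-01T00:02:30Z host1 sshd[812]: Accepted publickey for alice from 198.51.100.7 port 40212 ssh2",
}

// ProofStep is one sibling hash on the path from a leaf to the root, and
// whether that sibling is the left-hand input of the pair hash.
type ProofStep struct {
	Hash [32]byte
	Left bool
}

func hashLeaf(line string) [32]byte { return sha256.Sum256([]byte(line)) }

func hashPair(l, r [32]byte) [32]byte {
	return sha256.Sum256(append(l[:], r[:]...))
}

// buildLevels hashes each line to a leaf and builds the tree bottom-up.
// Every level below the root is padded to even length by repeating its
// last node (assumption: the page does not state ThreatChain's padding rule).
func buildLevels(lines []string) [][][32]byte {
	cur := make([][32]byte, 0, len(lines)+1)
	for _, l := range lines {
		cur = append(cur, hashLeaf(l))
	}
	var levels [][][32]byte
	for len(cur) > 1 {
		if len(cur)%2 == 1 {
			cur = append(cur, cur[len(cur)-1])
		}
		levels = append(levels, cur)
		next := make([][32]byte, 0, len(cur)/2+1)
		for i := 0; i < len(cur); i += 2 {
			next = append(next, hashPair(cur[i], cur[i+1]))
		}
		cur = next
	}
	return append(levels, cur) // the last level holds the root
}

// InclusionProof is the server side: the root that gets anchored on-chain
// and the sibling path an auditor needs to check the record at index idx.
func InclusionProof(lines []string, idx int) (root [32]byte, proof []ProofStep, err error) {
	if idx < 0 || idx >= len(lines) {
		return root, nil, fmt.Errorf("index %d out of range for batch of %d", idx, len(lines))
	}
	levels := buildLevels(lines)
	for _, level := range levels[:len(levels)-1] {
		sib := idx ^ 1 // the neighbour in the pair at this level
		proof = append(proof, ProofStep{Hash: level[sib], Left: sib < idx})
		idx /= 2
	}
	return levels[len(levels)-1][0], proof, nil
}

// VerifyInclusion is the auditor side: it needs only the record, its proof and
// the root read back from the chain, not the server or the rest of the batch.
func VerifyInclusion(line string, proof []ProofStep, root [32]byte) bool {
	h := hashLeaf(line)
	for _, s := range proof {
		if s.Left {
			h = hashPair(s.Hash, h)
		} else {
			h = hashPair(h, s.Hash)
		}
	}
	return h == root
}

// RootHex is the form in which the root would be written to the chain.
func RootHex(root [32]byte) string { return hex.EncodeToString(root[:]) }

func main() {
	root, proof, err := InclusionProof(sampleLogs, 2)
	if err != nil {
		panic(err)
	}
	fmt.Println("anchored root:", RootHex(root))
	fmt.Println("sudo record verifies:", VerifyInclusion(sampleLogs[2], proof, root))
	edited := "2024-01-01T00:00:09Z host2 sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls"
	fmt.Println("edited record verifies:", VerifyInclusion(edited, proof, root))
}
```

Two things follow from the mechanism. The proof is logarithmic in batch size, so an auditor can check one record without being handed the whole five-minute window. And the check only binds the record to a root that was already on-chain; whoever controls the server between collection and anchoring can still rewrite a record before it is hashed, which is why the anchor interval bounds the exposure rather than removing it.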
MIT License. Free forever. No signup required.