DOCUMENTATION

IRIS

The AI-native SecOps platform. IRIS unifies detection, response and proactive threat hunting at scale — with AI doing the heavy lifting instead of a room full of analysts.


Overview

IRIS watches your environment end to end: it ingests events from the sources you already run, surfaces what actually matters, and drives response from one console. The platform is AI-native by design — triage, correlation and hunting are handled by models rather than manual rule-wrangling, so a small team gets the reach of a much larger SOC.

Detection

Continuous monitoring across your connected sources, with AI triage that cuts noise and elevates the signals that need a human.

Response

Investigate and act from a single pane — context, timeline and recommended actions in one place.

Threat hunting

Proactive, AI-assisted hunts across your telemetry to find what passive detection misses.

Behavioral analytics

Live UEBA builds a baseline per user and entity and flags deviations as they happen.

Quick start

An IRIS install goes from first launch to live detections in a few steps.

  1. Open the app. The first sign-in provisions your administrator account — there are no shipped default credentials to rotate.
  2. Activate. The activation gate starts your 14-day trial covering up to 5 sources, and reveals the install's build number once. Keep that build number safe.
  3. Connect a source. Point IRIS at your first data source and let it begin ingesting.
  4. Watch detections land. AI triage starts surfacing prioritized signals as events flow in.
  5. Tune and expand. Add sources up to your licensed count and refine response workflows.

The trial can be started once per machine — the marker is durable, so a reinstall won't reset it. Contact us if you need more time or more sources.

Licensing & trial

IRIS ships as a single PRO tier — there are no confusing editions to compare. The only dial is the number of sources you connect, so you scale the license to your environment and nothing else.

License changes are applied at the install's next heartbeat — nothing to copy by hand. The active tier and source allowance are always visible to your administrator in the account area.

Core capabilities

AI triage & correlation

Incoming events are scored, de-duplicated and correlated automatically, so analysts open cases instead of wading through raw alerts.

Guided response

Each case arrives with context, an event timeline and recommended next actions — investigation and containment happen in the same console.

Proactive hunting

Run AI-assisted hunts across historical and live telemetry to uncover activity that never tripped a rule.

Behavioral analytics (UEBA)

IRIS runs live user-and-entity behavior analytics over your event store, learning a normal baseline for each identity and entity and raising deviations the moment they occur. Behavioral signals feed straight into triage, so anomalous activity is correlated with everything else IRIS sees rather than living in a silo.

Data sources

IRIS meets your stack where it is, ingesting from the security and identity sources you already operate — including cloud and endpoint telemetry and device-management signals. New connectors are added regularly; if you need a source that isn't covered yet, let us know.

Support

Rolling IRIS out across a larger environment, or want a guided proof of value? The Hexarion team is one message away.
