IRIS
The AI-native SecOps platform. IRIS unifies detection, response and proactive threat hunting at scale — with AI doing the heavy lifting instead of a room full of analysts, so a small team gets the reach of a much larger SOC.
One console — from raw events to closed cases
IRIS watches your environment end to end: it ingests events from the sources you already run, surfaces what actually matters, and drives response from a single pane.
AI triage & correlation
Incoming events are scored, de-duplicated and correlated automatically — analysts open cases instead of wading through raw alerts.
Guided response
Every case arrives with context, an event timeline and recommended next actions — investigation and containment in the same console.
Proactive hunting
Run AI-assisted hunts across historical and live telemetry to uncover activity that never tripped a rule — find what passive detection misses.
Behavioral analytics (UEBA)
Live UEBA learns a normal baseline per user and entity and raises deviations the moment they occur, feeding straight into triage.
Continuous detection
Round-the-clock monitoring across your connected sources, with AI triage that cuts noise and elevates the signals that need a human.
Single pane of glass
Detection, response, hunting and behavioral analytics live in one platform — no stitching together a shelf of point tools.
Live in a few steps
An IRIS install goes from first launch to live, prioritized detections fast — no shipped default credentials to rotate.
- Open the appThe first sign-in provisions your administrator account — nothing to rotate.
- ActivateThe gate starts your 14-day trial (up to 5 sources) and reveals the install's build number once.
- Connect a sourcePoint IRIS at your first data source and let it begin ingesting events.
- Watch detections landAI triage surfaces prioritized signals as events flow in — then tune and expand.
One tier. You only dial the source count.
IRIS ships as a single PRO tier — no confusing editions to compare. The only dial is the number of sources you connect, so you scale the license to your environment and nothing else. Changes apply at the install's next heartbeat.
The reach of a larger SOC, without the headcount
AI-native by design — triage, correlation and hunting are handled by models rather than manual rule-wrangling.
- AI does the heavy lifting — scoring, de-duplication and correlation, not a crowd of analysts.
- Noise cut at the source — only the signals that need a human get elevated.
- Live behavioral analytics — anomalies correlated with everything else IRIS sees, not siloed.
- Proactive, not just reactive — AI-assisted hunts across live and historical telemetry.
- One platform — detection, response, hunting and UEBA in a single console.
- Simple to license — single tier, scaled only by source count, applied at next heartbeat.
Ingests the sources you already run
IRIS pulls from the security and identity sources you already operate — cloud and endpoint telemetry and device-management signals among them. New connectors are added regularly; need one that isn't covered yet? Just ask.
Give a small team the reach of a full SOC
Talk to the Hexarion team about an IRIS rollout or a guided proof of value — or dive straight into the documentation.