PRODUCT · GRC & COMPLIANCE

Obrenix

A self-hosted Compliance, Risk & Governance platform. Automated controls, continuous monitoring and AI-driven audits — running as a single set of Docker containers on your Linux host. Your data never leaves your network.

SELF-HOSTED AI ON-PREM MULTI-COMPANY AUDIT-READY
ISO 27001 · DORA · SOC 2 · NIST CSF · NIS2 · GDPR

WHAT YOU GET

One console for the whole compliance lifecycle

From the controls register to auditor evidence packs — Obrenix turns your live signals into continuous, demonstrable compliance, without a crowd of analysts.

Controls register

ISO 27001:2022, DORA, SOC 2, NIST CSF 2.0 / 800-53, NIS2, GDPR, OWASP ASVS, CIS — plus custom packs. Per-control status, owner, evidence and cross-framework mapping.

Continuous monitoring

Automated checks pull a live signal from a connected source and evaluate it against a threshold — on a schedule, with alerts. A passing check can auto-mark its mapped controls.

Risk management

A risk register with likelihood × severity scoring, treatment, residual risk and a heatmap — with every risk linked to the controls that cover it.

Policy governance

Upload policies with nested procedures, read them in a Word-like view, export to PDF/Word — and approve a policy to auto-close the controls it satisfies.

AI analysis — on-prem

Built-in AI (local by default) summarises posture, proposes control mappings and routes ingested data. No data egress unless you opt into a cloud provider.

Evidence & auditor packs

Attach files, links, Jira tickets or approved policies to any control. One-click auditor evidence pack (ZIP) per framework, with an immutable change history.

HOW IT WORKS

Read-only by default. Nothing leaves the host.

Standard integrations only read from their source — they never modify your systems.

  1. Connect data sources: Obrenix pulls from an integration's API (read-only), or you push data in via the Ingest API.
  2. Normalise & store: Signals land in PostgreSQL and render as controls coverage, dashboards and reports.
  3. Monitor continuously: Scheduled checks re-evaluate live signals and keep control status and evidence current.
  4. Demonstrate compliance: Auditors get read-ready evidence packs and an immutable change history — on demand.

FRAMEWORKS OUT OF THE BOX

Map once, satisfy many

Built-in framework packs with AI cross-mapping — close a control in one framework and see where it lands in the others. Bring your own custom control packs too.

ISO 27001:2022 · DORA · SOC 2 · NIST CSF 2.0 · NIST 800-53 rev5 · NIS2 · GDPR · OWASP ASVS · CIS Controls · + Custom packs

SECURITY POSTURE

Built to stay inside your perimeter

Only the web tier publishes a port. The API, database and AI engine stay on the internal Docker network and never face the internet.

CONNECT YOUR SOURCES

Pulls from the tools you already run

Most integrations are read-only — Obrenix makes an outbound connection and pulls. A few push notifications or forward events to your SIEM. No dedicated tile? Build a custom HTTP source or push via the Ingest API.

SOC & Telemetry — Azure Monitor · IRIS · Cloudflare
Identity — Okta · Entra ID
MDM — Hexnode · IRU
AppSec — Whitespots
AI — Claude · ChatGPT · local Ollama
People — HiBOB · Spark · NINJIO
Workspace — Jira · Confluence · Slack
Data Branch — Hirdman PRO · GitLab

Self-host compliance you can actually demonstrate

Talk to the Hexarion team about an Obrenix rollout, an air-gapped install, or a tailored compliance scope — or dive straight into the documentation.