// tool reference · Monitoring & Detection
SOC Console Business
Multi-tenant log ingestion, rule-based detection and alerting.
What it does
The multi-tenant SOC surface — ingestion, detections, incidents and AI triage. Superseded by the unified SOC Operations console.
When to use it
- You are running continuous log ingestion rather than one-off analysis.
What you get back
Incidents, detections, entity risk and alerting.
Worked example
Input
(continuous ingestion via POST /api/logs/ingest)
Output (abridged)
INCIDENTS (open) inc_4f2a HIGH Brute-force -> success srv-01 203.0.113.45 inc_4f31 MED Impossible travel user@corp ENTITY RISK srv-01 78 high 4 detections / 24h user@corp 41 medium 1 detection Unlike the Log Analyzer, this PERSISTS -- it has to, because correlation over time is the whole point. Data is partitioned by tenant and derived from your API key, never from a request field.
How it works
Deterministic detection on ingest; AI triage on a schedule.
Limits
Read live from the platform configuration.
| Rate limit | 30 requests / 60s (platform default) |
Limitations — what it does not do
Detection quality depends on what you ingest. It cannot correlate a log you never sent. Start with authentication events -- highest signal per byte.
Privacy
Ingested events ARE stored, partitioned by tenant. This is the one analysis path that persists by design — it has to, to correlate over time.
Standards
MITRE ATT&CKSOC 2 (CC7.2)