Your Stack. Our SOC. Every Threat.
Vijilan’s 24/7 SOC monitors and responds across all six security domains using whatever technology your clients already run. Any EDR. Any firewall. Any cloud. Any identity provider. At Premium tier, we act on their existing tools without replacing a single one.
ThreatRespond Wraps Around the Stack Clients Already Have
ThreatRespond uses Vijilan’s ThreatSensor virtual appliance, powered by Cribl Stream, to ingest and normalize signals from every existing tool across every domain in about an hour. No agents to install beyond ThreatSensor. No tools to replace.
ThreatSensor Deploys
A virtual appliance normalizes logs from firewall, EDR, cloud, identity and email into one unified stream.
24/7 SOC Monitors All 6 Domains
The SOC watches network traffic, endpoint signals, identity events, cloud activity, email flow and app behavior simultaneously.
Human Analyst Triages Every Alert
Every alert is reviewed by a human analyst before the partner sees anything. Less noise. Higher fidelity.
Guided or Active Response
Core and Advanced provide guided remediation. Premium lets the SOC act directly on the existing tools.
The SOC Acts. No Tool Replacement Required.
At Premium tier, Vijilan’s SOC does not just guide. It acts directly on whatever technology the client already runs.
- Isolate a host running SentinelOne or Microsoft Defender
- Disable a compromised account in Entra ID or Active Directory
- Block a phishing domain on the client email gateway
- Enforce firewall rules at the network level across any vendor
- Revoke active sessions and enforce MFA across identity providers
- Act without rip-and-replace or tool displacement
Six Domains. Every Signal Correlated.
ThreatRespond monitors all six domains simultaneously. Cross-domain correlation catches lateral movement, identity compromise followed by cloud exfiltration, and phishing that turns into endpoint infection.
Endpoint
Workstations, laptops and servers monitored through whatever EDR the client already runs. No agent conflicts and no displacement.
Network
Firewall logs, IDS/IPS events and network flows ingested from any vendor through ThreatSensor.
Identity
Every login, privilege change and suspicious access pattern. Identity is monitored on every tier.
Cloud & SaaS
Cloud workloads, SaaS apps, configuration changes and access events correlated with endpoint and identity signals.
Email & Data
Phishing, BEC, mailbox forwarding rules and data exfiltration. At Premium, the SOC can block domains directly.
Apps, IoT & OT
Web application logs, API events, IoT device signals, OT/SCADA systems and mobile devices.
Vijilan SIEM (LogScale) feeds the 24/7 human SOC.
All signals normalize through ThreatSensor and correlate inside Vijilan SIEM. SIEM is included at every tier, with no data volume charges.
Domain Modules and Service Tiers
ThreatRespond tiers cover all six domains, but clients with specific gaps can add individual domain modules without a full-tier commitment.
Managed EDR Monitoring
SOC monitoring layer on top of the client’s existing EDR. Works with any endpoint agent, with no replacement and no new agent.
- Works with SentinelOne, Defender, Carbon Black, Cortex XDR, CrowdStrike, Sophos and more.
Managed Firewall & Network Monitoring
24/7 SOC monitoring of firewall logs, IDS/IPS events and network flows. Detects lateral movement, command-and-control traffic and anomalies without changing firewall configuration.
- Works with Fortinet, Palo Alto, Cisco, SonicWall, Meraki, Juniper, Check Point, pfSense and UniFi.
Managed Identity Threat Detection
Full ITDR across Entra ID, AD and Okta. Works independently of any existing EDR and does not conflict with SentinelOne, Defender or other endpoint agents.
- Available standalone. No product switch required.
Managed Exposure Management
Continuous asset discovery, vulnerability prioritization and external attack surface management. SOC prioritizes remediation by active threat context, not only CVSS.
- Works with any EDR or endpoint solution.
Managed SaaS Security
SaaS Security Posture Management across 150+ applications including M365, Google Workspace, Salesforce and Slack. Misconfiguration detection, shadow SaaS discovery and GenAI governance.
- Pure API-based monitoring. No endpoint agent needed.
Managed Cloud Security Monitoring
SOC monitoring across AWS, Azure, GCP and M365. Cloud configuration changes, suspicious API calls, unauthorized data access and workload anomalies are correlated with endpoint and identity signals.
- Works with AWS CloudTrail, Azure AuditTrail, GCP Audit Log, M365 and Google Workspace.
Core
24/7 SOC across all six domains. Any technology.
- Any EDR and any firewall
- AD + Entra ID and Microsoft 365 monitoring
- Vijilan SIEM with 90-day hot + 7-year cold retention
- ThreatSensor virtual appliance powered by Cribl Stream
- Guided remediation and full white-label
- Guided - SOC instructs
Basic compliance report – 1 framework
Advanced
Full identity coverage, compliance, cloud monitoring and dark web monitoring.
- Everything in Core
- Full ITDR for BEC, impossible travel, OAuth abuse and privilege escalation
- Okta + Google Workspace identity monitoring
- AWS, Azure and GCP cloud monitoring
- 1-year hot + 7-year cold log retention
- ThreatAssess - 20 prospecting scans/month
- Guided - SOC instructs
HIPAA, PCI DSS 4.0, NIST CSF 2.0, CMMC L1, FTC Safeguards
Premium
SOC acts on clients’ existing tools with no replacement.
- Everything in Advanced
- SOC isolates SentinelOne, Defender or any EDR host
- SOC disables accounts in Entra ID or Active Directory
- SOC blocks phishing domains on existing email gateways
- SOC enforces firewall rules across any vendor
- Threat hunting across all six domains
- Dedicated named SOC concierge
- SOC Acts - on existing technology
CMMC L2 + SOC 2 audit evidence
Elite
Full active mXDR plus custom engineering and advisory support.
- Everything in Premium
- Custom detection engineering across all six domains
- vCISO advisory hours and board-ready reporting
- Forward-deployed Vijilan engineer
- Custom compliance for CMMC L3, DORA and NIS2
- Cribl data pipeline optimization
- Full Active mXDR + bespoke
CMMC L3, DORA, NIS2
Your Clients Run Microsoft. We Monitor All of It.
Most SMBs run on Microsoft 365, Azure, Exchange and Windows. ThreatRespond ingests and correlates every Microsoft signal natively. For clients on Microsoft Defender for Business, Vijilan layers SOC-grade analysis on top of what they already own.
Microsoft 365 & Exchange
Phishing, BEC, mailbox forwarding rules and admin changes. At Premium, SOC blocks malicious domains.
Azure + Entra ID
Login anomalies, privilege escalation and lateral movement. At Premium, SOC disables accounts and revokes sessions.
Windows Endpoints
Deep Windows event log collection through WEF and Syslog. SOC can isolate Defender-protected hosts at Premium.
Microsoft Defender Managed
Clients keep Defender. Vijilan monitors Defender alerts in SIEM and correlates with identity, cloud and network signals.
Turn a dormant M365 license into enterprise-grade MDR.
Microsoft Defender for Business is included in M365 Business Premium, which most SMBs already pay for. ThreatRespond adds the SOC monitoring and response layer on top. Better protection. Lower cost. No new technology to buy.
Everything Partners Need to Know
Does ThreatRespond work with my clients' existing EDR?
Yes. ThreatRespond is fully vendor-agnostic. It integrates with CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black, Palo Alto Cortex XDR, Sophos, WatchGuard, Cylance, McAfee and Symantec without requiring replacement.
Can the SOC actively contain threats on clients' existing tools?
Yes, at Premium tier. Vijilan SOC can isolate a host running SentinelOne or Defender, disable a compromised Entra ID account, block a phishing domain on Mimecast or enforce firewall rules without replacing the client's technology.
Can I purchase ThreatRespond for a specific domain only?
Yes. Partners can start with a specific domain such as managed firewall monitoring, managed EDR monitoring or managed identity threat detection, then expand to full tier coverage when the client is ready.
What's included in the Vijilan SIEM?
The Vijilan SIEM is powered by CrowdStrike LogScale and included at every tier with no data volume charges. Core includes 90-day hot plus 7-year cold retention. Advanced and above include 1-year hot plus 7-year cold.
How is ThreatRespond different from ThreatDefend?
ThreatRespond works with whatever technology clients already run. ThreatDefend is Vijilan’s fully managed service where Vijilan provides the complete CrowdStrike Falcon stack. ThreatRespond clients can add individual ThreatDefend modules without switching products.
Are there minimum seat counts or annual contracts?
No. There are no minimum seat counts, minimum spend requirements or annual contracts. Partners can start with a single client, and a 30-day no-questions-asked opt-out trial is available.
Machine Speed. Human Judgment. One Minute to Contain.
Praxis is Vijilan’s proprietary AI detection and investigation engine — the intelligence layer running inside our SOC on every alert, across every domain, before a human analyst acts.
- LangGraph Multi-Agent
- MITRE ATT&CK Mapping
- IOC Enrichment
- Auto-Triage
- Cross-Domain Correlation
- Human SOC Amplifier
Your Stack. Our SOC. Every Threat Covered.
ThreatRespond is priced per endpoint and per user per month. No flat fees, no data volume charges on SIEM and no hidden costs. Pricing scales with the client, not against them. Exact pricing is available exclusively to verified Vijilan partners through the Partner Portal or your Channel Manager.