IN

Cyber Ecosystem

Synapse IronNode

The lightweight SOAR with an AI analyst built in.

Overview

Synapse IronNode unifies a visual automation engine, a Zero-Trust identity layer, and an embedded Claude AI co-pilot — so lean security teams can triage and respond to threats in minutes, not hours, without shipping their data to anyone else's cloud.

Features

  • Drag-and-drop visual playbooks: Trigger → Enrich → AI Triage → Approve → Execute
  • Claude co-pilot scores every alert and proposes remediation in a structured format
  • Human-in-the-loop approval on every remediation action — nothing destructive runs unsigned
  • Tenant-aware auto-generated webhooks per playbook
  • IP / hash / geo-IP / WHOIS / URL / identity enrichment actions

Capabilities

  • True multi-tenancy via Postgres row-level security — one deployment, many clients
  • SOC-tier RBAC: analyst L1/L2/L3, administrator, platform admin
  • AES-256-GCM encrypted credential vault, short-lived sessions, enforceable MFA
  • Immutable JSON incident ledger, exportable as a branded PDF audit report
  • Self-hosted: one docker compose up, only the web port exposed

Benefits

  • An instant Tier-1 analyst for teams too lean to staff one
  • No per-seat SaaS lock-in and no data egress
  • Built for MSSPs: onboard many client tenants with strict isolation in one deployment

How it links to other apps

IronNode is a SOAR hub for the ecosystem: it receives Sonar's Zero-Trust violation webhooks and exchanges its full incident lifecycle with Synapse-Vanguard as SIEM events.

Sales sheet User guide Admin guide Training materials