VG

Cyber Ecosystem

Synapse-Vanguard

A self-hosted, data-sovereign SIEM.

Overview

Synapse-Vanguard is a self-hosted SIEM built for organisations that need full control of their log data. It ingests Windows and Linux telemetry via lightweight agents, applies keyword and severity alerting, and keeps every event on infrastructure you own.

Features

  • Windows & Linux agents with disk-buffered, replay-safe shipping
  • Keyword-based alert rules with per-rule webhook firing
  • False-positive suppression / tuning workflow for analysts
  • Events-per-second live meter and ingestion dashboard
  • Outbound HMAC-signed webhooks to downstream SOAR tools

Capabilities

  • RBAC (viewer / analyst / tenant admin) ported from the wider Synapse identity model
  • AES-256-GCM encrypted credential vault
  • MITRE ATT&CK technique tagging on parsed Windows events
  • Admin console: users, enrollment tokens, ingestion aggregates, webhooks
  • Consolidated single-process deployment for simple, low-maintenance hosting

Benefits

  • No data egress — logs never leave your network
  • Tuning workflow keeps analysts focused on real signal
  • Two-way event exchange with Synapse IronNode closes the detection-to-response loop

How it links to other apps

Vanguard exchanges events with Synapse IronNode: IronNode forwards its full incident lifecycle in as SIEM events, and Vanguard can fire outbound webhooks back into an IronNode playbook the moment a rule matches.

User guide Admin guide