Client-controlled runtime
The product retains its own local configuration, audit trail, licence state and operational workflow.
Threat investigation
Cybstyx Phylaxis Chronyx Threat Timeline
Event lake, threat timeline, correlation, case workflow, and investigation console. The product is positioned as a client-controlled security engine with professional deployment, audit and integration boundaries.
Core responsibility
What this product is built to handle.
event lake, attack timeline, cases and correlation
- Event intake and collectors
- Syslog, file, and CSV import
- Detection rules and IOC watchlist
- Attack story builder
- Case management, retention, and executive reports
Deployment and control model
Roles: Super Admin, SOC Admin, Analyst, Hunter, Auditor, Service Collector
Authentication: Local RBAC with MFA; optional Eidon SSO; collector or service authentication for event intake.
Linked with: Optional Unified Cyber Security Command Center adapter, Tekmerion evidence, Keraunix response, and event sources such as Phylax, Orama, Phragma, Dolion, Nyxara, and Topora.
Boundary: Timeline analysis continues locally; Unified Cyber Security Command Center outage only affects central visibility and command.
Cybstyx model
Standalone product, optional ecosystem connection
The product should be strong alone first. Integration improves visibility and coordination, but it must not become an uncontrolled dependency.
Command-center option
SecOwl can receive approved events and show posture or evidence if the client enables the adapter.
Bounded integration
Products may connect to identity, evidence, licence, secrets or timeline services when policy allows.
Every action has context
Administrative changes, service events and proof exports should remain auditable.