Client-controlled runtime
The product retains its own local configuration, audit trail, licence state and operational workflow.
Deception security
Cybstyx Phylaxis Dolion Decoy Grid
Deception and honeypot grid with decoy assets, honeytokens, trap events, and attacker storyline evidence. The product is positioned as a client-controlled security engine with professional deployment, audit and integration boundaries.
Core responsibility
What this product is built to handle.
decoys, honeytokens, trap telemetry and attacker storyline
- Decoy asset registry
- Decoy builder and bait token engine
- Fake admin trap
- Honeypot sensors
- Attacker timeline, incident queue, evidence, and reports
Deployment and control model
Roles: Super Admin, Deception Admin, SOC Analyst, Operator, Auditor, Sensor Service
Authentication: Local RBAC with MFA; optional Eidon SSO; sensor service authentication.
Linked with: Optional Unified Cyber Security Command Center adapter, Chronyx timeline, Tekmerion evidence, Keraunix response, Topora resources, and Kleidion secret references.
Boundary: Decoys and local trap logging continue even without Unified Cyber Security Command Center.
Cybstyx model
Standalone product, optional ecosystem connection
The product should be strong alone first. Integration improves visibility and coordination, but it must not become an uncontrolled dependency.
Command-center option
SecOwl can receive approved events and show posture or evidence if the client enables the adapter.
Bounded integration
Products may connect to identity, evidence, licence, secrets or timeline services when policy allows.
Every action has context
Administrative changes, service events and proof exports should remain auditable.