Client-controlled runtime
The product retains its own local configuration, audit trail, licence state and operational workflow.
Response orchestration
Cybstyx Phylaxis Keraunix Response Grid
SOAR-like response grid for playbooks, approvals, containment, action tracking, and response evidence. The product is positioned as a client-controlled security engine with professional deployment, audit and integration boundaries.
Core responsibility
What this product is built to handle.
playbooks, approvals, action queues and rollback evidence
- Playbook studio
- Response approvals
- Containment queue
- Action runner and rollback controls
- SLA, incident workflow, and response evidence
Deployment and control model
Roles: Super Admin, Response Admin, SOC Analyst, Operator, Approver, Auditor, Service Account
Authentication: Local RBAC with MFA; optional Eidon SSO; signed service action authentication.
Linked with: Optional Unified Cyber Security Command Center adapter, Chronyx, Phylax, Orama, Phragma, Dolion, Tekmerion, Kleidion, Eidon, and Nomion.
Boundary: Central commands must be signed, approved, and audited; the local response console works without Unified Cyber Security Command Center.
Cybstyx model
Standalone product, optional ecosystem connection
The product should be strong alone first. Integration improves visibility and coordination, but it must not become an uncontrolled dependency.
Command-center option
SecOwl can receive approved events and show posture or evidence if the client enables the adapter.
Bounded integration
Products may connect to identity, evidence, licence, secrets or timeline services when policy allows.
Every action has context
Administrative changes, service events and proof exports should remain auditable.