Detect threats, before they escalate.

Blue Team

Open-source SIEM on Swiss infrastructure. Your logs stay in the country, no vendor lock-in, full control over every layer. We deploy, configure and operate, you retain data sovereignty.

Why Security Monitoring Is Not a Luxury

Most attacks remain undetected for days. According to Mandiant M-Trends 2024, the median attacker dwell time in a network is 10 days. Sounds short, but it's enough for data exfiltration, lateral movement and ransomware deployment. Without active monitoring, the damage is done before anyone notices.

Commercial SIEM solutions cost hundreds of thousands of francs per year, lock you into providers with US-based infrastructure and require specialised staff for operation and tuning. For Swiss SMEs, this is unaffordable and, from a data protection perspective, problematic.

We deploy Wazuh, a mature open-source SIEM platform, on Swiss infrastructure of your choice. Over 2,400 detection rules out of the box, configured to your environment, no log leaves Switzerland.

Our Approach

Phase 01: Infrastructure Assessment

Inventory of your IT landscape: endpoints, servers, cloud services, network devices. We define what should be monitored and which data sources are priority.

Phase 02: Deployment

Installation and configuration of Wazuh on Swiss infrastructure. Agent rollout to endpoints and servers, integration of cloud logs from AWS, Azure or GCP.

Phase 03: Detection Engineering

Configuration and prioritisation of detection rules for your environment. MITRE ATT&CK mapping, threshold adjustment, suppression of known false positives.

Phase 04: Dashboards & Runbooks

Building the dashboards your team actually uses, and writing runbooks for the most common alert types. Clarity on who does what for which alert.

Phase 05: Handover & Ongoing Support

Training your team, documentation of the entire configuration and optionally ongoing platform maintenance and rule updates by us.

What You Receive

SIEM Deployment on Swiss Infrastructure

Fully configured Wazuh instance, agent rollout and log ingestion. Your data stays in Switzerland.

Tuned Detection Rules

Over 2,400 rules out of the box, adjusted and prioritised for your environment. MITRE ATT&CK mapping included.

Operational Dashboards

Views for security events, compliance status, endpoint health and cloud activities. No dashboard graveyard.

Alert Runbooks

Documented action instructions for the most important alert types. Your team knows what to do, even at 2 AM.

Configuration Documentation

Complete documentation of deployment architecture and rule configuration. No dependency on us for ongoing operations.

Common Questions

What's the difference between SIEM and MDR?

A SIEM is a platform that collects logs, correlates them and generates alerts. MDR (Managed Detection and Response) is a service where an external team monitors alerts and responds to incidents. We deploy and configure the SIEM for you, optionally with ongoing operation and alert triage. Full MDR with 24/7 SOC is available on request.

Does my log data really stay in Switzerland?

Yes. We deploy on Swiss hosting infrastructure, for example at Exoscale, Init7 or a data centre of your choice in Switzerland. No log is transmitted to US-based or EU-based cloud providers. This is relevant for nDSG and ISG compliance.

How many alerts can I expect, and how many are false positives?

That depends heavily on the environment. Out of the box, SIEM deployments generate too many alerts for meaningful operation. That's why tuning is a central part of our deployment: we configure thresholds, suppress known false positives and prioritise rules according to your risk profile. The goal is an alert volume your team can handle.
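What the three adjustments named in Phase 03 and in this answer (threshold adjustment, false-positive suppression, prioritisation with MITRE ATT&CK mapping) look like in Wazuh's rule syntax, as an added illustration that is not part of this page and not the provider's deliverable. It is a local_rules.xml fragment for sshd events; the stock rule ids 5715, 5716 and 5720, the scanner address 10.20.0.15, the management network 10.20.0.0/24 and the threshold of 12 failures are assumptions made for the example, not values from this page.

```xml
<!-- Constructed example for /var/ossec/etc/rules/local_rules.xml (not the page's own config). -->
<group name="local,syslog,sshd,">

  <!-- 1. Threshold adjustment.
       Assumed stock rule 5720 ("Multiple SSHD authentication failures") chains on
       5716 (single authentication failure). overwrite="yes" replaces the stock rule
       wholesale, so every element must be restated: here the same source must fail
       12 times within 120 seconds before an alert is raised (threshold is an assumption). -->
  <rule id="5720" level="10" frequency="12" timeframe="120" overwrite="yes">
    <if_matched_sid>5716</if_matched_sid>
    <same_srcip />
    <description>sshd: Multiple authentication failures (tuned threshold).</description>
    <mitre>
      <id>T1110</id>
    </mitre>
    <group>authentication_failures,</group>
  </rule>

  <!-- 2. Suppression of a known false positive.
       An approved internal vulnerability scanner (constructed address) legitimately
       produces sshd authentication failures. Level 0 means "no alert"; the event is
       still retained if <logall> is enabled in ossec.conf, so forensics is not lost.
       Local rule ids must be >= 100000. -->
  <rule id="100010" level="0">
    <if_sid>5716</if_sid>
    <srcip>10.20.0.15</srcip>
    <description>sshd: authentication failure from approved internal scanner, suppressed.</description>
  </rule>

  <!-- 3. Prioritisation.
       Assumed stock rule 5715 is "SSHD authentication success" at a low level.
       A successful login from anywhere outside the management network (constructed
       range) is far more interesting in this environment, so it is raised to level 12
       and mapped to Valid Accounts. The leading "!" negates the CIDR match. -->
  <rule id="100011" level="12">
    <if_sid>5715</if_sid>
    <srcip>!10.20.0.0/24</srcip>
    <description>sshd: successful login from outside the management network.</description>
    <mitre>
      <id>T1078</id>
    </mitre>
    <group>authentication_success,</group>
  </rule>

</group>
```

The check that belongs with every such change: paste a representative sshd log line into /var/ossec/bin/wazuh-logtest on the manager and confirm that the rule id and level reported are the tuned ones before restarting wazuh-manager, and keep the override rules in version control alongside the configuration documentation so the reasoning behind each suppression survives staff changes.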

Who maintains the SIEM after deployment?

You have the choice: either we hand over the system completely to your IT team with training and documentation, or we take over ongoing maintenance on a monthly basis, including rule updates, platform patches and capacity planning. Both options are available.

Evaluate SIEM

We discuss your infrastructure and show what a deployment concretely involves. Free, no obligation.

Request a SIEM Consultation

CHF 8,000–20,000 deployment + from CHF 800/month operation

Price depends on number of endpoints, storage requirements and operating model. Deployment and ongoing operation configurable separately.