Capability matrix

Everything you need to run a SOC

Detection, triage, remediation, compliance, threat intel — and the platform that ties it together.

See the platformView services
6curated outcome groups
24public highlights
24active live-verified capabilities
HorizonShield integrated platform architecture visual
Capability map

Coverage that connects the alert to the action

The groups below are curated public highlights. The signed-in portal is backed by 79 customer-safe registry entries: 24 active, 17 setup, and 38 readiness.

Detection

  • MITRE ATT&CK rule packs (450+ rules)
  • Endpoint + NIDS + cloud audit correlation
  • Behavioral baselining per customer
  • Custom rule authoring (YARA, Sigma, Lua)

AI Triage

  • Grounded LLM reasoner (asset-graph aware)
  • Noise suppression + dedup
  • Risk-scored routing
  • Analyst copilot in every alert

Remediation

  • Reversible playbook actions
  • Approval gates per risk tier
  • Curated runbook library
  • Custom TypeScript playbooks

Compliance

  • SOC 2, ISO 27001, PCI evidence collection
  • Continuous control monitoring
  • Audit-ready report exports
  • DPA + privacy policy templates

Threat Intel

  • IOC feed aggregation (free + premium sources)
  • Dark-web exposure monitoring
  • TLP-classified intel sharing
  • Custom watchlist authoring

Platform

  • EN + AR bilingual UI (RTL-native)
  • MSP multi-tenant with per-tenant isolation
  • API-first (every UI action has a REST endpoint)
  • Self-hosted or HS-managed deployment