Vyrox / Signal Ops
Autonomous SOC · v0.1 alpha

We extract the signal.

99.8% of EDR alerts are noise. Vyrox cuts through the chaos with absolute precision — deterministic heuristics first, contextual reasoning second, human-in-the-loop for anything irreversible.

The Problem

99.8% of alerts are noise.

The Answer


Vyrox cuts through the chaos with absolute precision, delivering only actionable intelligence.

Status: Signal Acquired · Latency: 12 ms · False Pos.: 0.2%
Section 02 / The Engine

A pipeline built to silence the noise.

Four stages, in order of decreasing certainty. Anything resolvable by code is. Anything resolvable by deterministic pattern is. Only the irreducibly ambiguous reaches the LLM — and never the human until it has to.

Gateway · /v1/webhook
10:24:01 RCV CrowdStrike · 4.2 KB
10:24:01 RCV CrowdStrike · 1.8 KB
10:24:02 RCV SentinelOne · 6.1 KB
… parsing JSON schema
"event_type": "ProcessRollup2"
"command_line": "powershell.exe -enc JABz..."
Stream Active · 3 events / 100 ms
Heuristics · rules/benign.yaml
evt_89291 · background_updater.exe · MATCH · IGN_UPDATE
Dropped
evt_89292 · sysadmin_powershell
MATCH => rules/benign_admin.yaml
user.group == 'Domain Admins'
action SUPPRESS
evt_89293 · legitimate_npm_install · MATCH · IGN_NPM
Reasoning · gpt-4o · 220 tok
Vyrox Reasoning Engine · evt_89294 · svchost.exe

“Analyzing execution tree for svchost.exe. Parent is unusual, but signature verifies as legitimate Microsoft telemetry. Against historical baseline this is benign with 99% confidence.”

verdict · BENIGN · cost · $0.0008
Approval · #soc-vyrox · 11:05 AM
Vyrox · APP · 11:05 AM

Critical anomaly. High-risk memory injection detected on prod-db-01. Recommend isolation.

requires · human sign-off · SLA · 5 min
Design Principle
“The system that never wakes you up is the one you trust. Vyrox earns silence by being right.”
Section 03 / Trust

Open-core. Total transparency.

Black-box AI is a liability in the SOC. Vyrox's deterministic engine is open-core — inspect the logic, audit the rules, deploy entirely within your perimeter. The Rust proxy is MIT-licensed; the heuristics are yours.

audit_log.json
APPEND-ONLY · SHA256
[10:42:01] INFO Alert evt_992 ingested
[10:42:01] INFO Eval rule 42a
[10:42:02] WARN No deterministic match
[10:42:02] INFO Route → LLM
[10:42:05] RESOLVED Verdict applied
[10:42:05] INFO hash = a7c…f12 (chain ok)
heuristics.yaml · Open-Core
name: Global Suppress List
rules:
  - match: "process.name == 'updater.exe'"
    action: SUPPRESS
    confidence: 1.0
  - match: "network.dest == '10.0.0.0/8'"
    action: IGNORE
triage_engine.rs
pub struct TriageEngine {
    heuristics: HeuristicSet,
    llm_client: LLMTriage,
}

impl TriageEngine {
    /// Stage order: deterministic heuristics first; the LLM only sees what they cannot settle.
    /// TriageError is the error type implied by `?` below; the page does not name it.
    pub async fn evaluate(&self, alert: EDRAlert) -> Result<Action, TriageError> {
        if self.heuristics.is_false_positive(&alert) {
            return Ok(Action::Suppress);
        }
        // Only the ambiguous reaches the LLM
        let ctx = self.llm_client.triage(&alert).await?;
        Ok(ctx.verdict())
    }
}
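A worked version of the deterministic stage that heuristics.yaml and the engine snippet above sketch, added here as an example and not Vyrox's own code: it parses the page's `field == 'value'` rule form, treats a value written as an IPv4 CIDR as a range rather than a literal, suppresses on the first matching rule, and routes everything else to the LLM unless the alert already carries an irreversible recommendation, which goes straight to human sign-off. The `Route` type, the rule names, and the `recommended_action` field are assumptions.

```rust
// Added example, not Vyrox's own code: the deterministic stage of a triage pipeline.
// Rules use the page's `field == 'value'` form; a value written as an IPv4 CIDR
// (e.g. '10.0.0.0/8') is matched as a range, not as a literal string.
use std::collections::HashMap;
#[derive(Debug, PartialEq)]
pub enum Route { Suppress(&'static str), Llm, Human }
pub struct Rule { pub name: &'static str, pub field: String, pub value: String }

/// Parse `process.name == 'updater.exe'`; anything else is rejected, so a typo in a
/// rule fails loudly instead of silently suppressing (or never matching) alerts.
pub fn parse_rule(name: &'static str, expr: &str) -> Option<Rule> {
    let (f, v) = expr.split_once("==")?;
    let v = v.trim();
    if v.len() < 2 || !v.starts_with('\'') || !v.ends_with('\'') { return None; }
    Some(Rule { name, field: f.trim().to_string(), value: v[1..v.len() - 1].to_string() })
}

fn ipv4(s: &str) -> Option<u32> {
    let parts: Vec<&str> = s.split('.').collect();
    if parts.len() != 4 { return None; }
    parts.iter().try_fold(0u32, |n, p| Some((n << 8) | p.parse::<u8>().ok()? as u32))
}
fn cidr_contains(cidr: &str, ip: &str) -> bool {
    let (base, bits) = match cidr.split_once('/') { Some(x) => x, None => return false };
    match (ipv4(base), bits.parse::<u32>(), ipv4(ip)) {
        (Some(b), Ok(bits), Some(i)) if bits <= 32 => {
            let mask = if bits == 0 { 0 } else { u32::MAX << (32 - bits) };
            b & mask == i & mask
        }
        _ => false,
    }
}

fn rule_matches(rule: &Rule, alert: &HashMap<&str, &str>) -> bool {
    match alert.get(rule.field.as_str()) {
        None => false, // a missing field never matches: absence is not evidence of benignity
        Some(v) if rule.value.contains('/') => cidr_contains(&rule.value, v),
        Some(v) => *v == rule.value,
    }
}

/// Stage 1: the first matching rule suppresses. Stage 2: everything else goes to the LLM,
/// except that an alert already carrying an irreversible recommendation (assumed field
/// `recommended_action == "isolate"`) goes straight to human sign-off, never to automation.
pub fn route(rules: &[Rule], alert: &HashMap<&str, &str>) -> Route {
    if let Some(r) = rules.iter().find(|r| rule_matches(r, alert)) {
        return Route::Suppress(r.name);
    }
    if alert.get("recommended_action") == Some(&"isolate") { Route::Human } else { Route::Llm }
}
```

Because the first match wins, a broad rule such as the page's `user.group == 'Domain Admins'` suppression shadows every rule listed after it; keep broad suppressions last and review them with the audit log.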