V
Vyrox / Signal Ops
For MSSPs & MDR Teams

We extract

the signal.

One analyst, every client tenant. Vyrox triages the EDR alerts you already manage, contains the real threats on your approval, and hands each client a tamper-evident record their auditor can verify.

Request Early AccessSee the Engine
The Problem

Most alerts are noise.

scroll to extract
The Answer

We extract

the signal.

Vyrox cuts through the chaos with absolute precision, delivering only actionable intelligence.

StatusSignal Acquired
HeuristicsSub-5 ms
Every ActionProvable
Section 02 / The Engine

A pipeline built to silence the noise.

Four stages, in order of decreasing certainty. Anything resolvable by code is. Anything resolvable by deterministic pattern is. Only the irreducibly ambiguous reaches the LLM, and never the human until it has to.

Gateway · /v1/webhook
10:24:01 RCV CrowdStrike · 4.2 KB
10:24:01 RCV CrowdStrike · 1.8 KB
10:24:02 RCV SentinelOne · 6.1 KB
… parsing JSON schema
"event_type": "ProcessRollup2"
"command_line": "powershell.exe -enc JABz..."
Stream Active3 events / 100 ms
Heuristics · rules/benign.yaml
evt_89291 · background_updater.exeMATCH · IGN_UPDATE
Dropped
evt_89292 · sysadmin_powershell
MATCH => rules/benign_admin.yaml
user.group == 'Domain Admins'
action SUPPRESS
evt_89293 · legitimate_npm_installMATCH · IGN_NPM
Reasoning · 220 tok
Vyrox Reasoning Engineevt_89294 · svchost.exe

“Analyzing execution tree for svchost.exe. Parent is unusual, but signature verifies as legitimate Microsoft telemetry. Against historical baseline this is benign with 99% confidence.”

verdict · BENIGNcost · $0.0008
Console · Approval · 11:05 AM
VY
VyroxAPP11:05 AM

Critical anomaly. High-risk memory injection detected on prod-db-01. Recommend isolation.

requires · human sign-offSLA · 5 min
Design Principle
“The system that never wakes you up is the one you trust. Vyrox earns silence by being right.”
Section 03 / Trust

Open-core. Total transparency.

Black-box decisions are a liability in the SOC. Vyrox's heuristics are inspectable, the Rust proxy is MIT-licensed, and every action is written to an append-only, SHA-256 chained log. The record you hand each client's auditor is tamper-evident since generation and independently verifiable.

0%Auditable logic
0Hidden prompts
0 minTo first alert
View on GitHubRead the docs
audit_log.json
APPEND-ONLY · SHA256
[10:42:01] INFO Alert evt_992 ingested
[10:42:01] INFO Eval rule 42a
[10:42:02] WARN No deterministic match
[10:42:02] INFO Route → LLM
[10:42:05] RESOLVED Verdict applied
[10:42:05] INFO hash = a7c…f12 (chain ok)
heuristics.yaml
Open-Core
name: Global Suppress List
rules:
- match: "process.name == 'updater.exe'"
action: SUPPRESS
confidence: 1.0
- match: "network.dest == '10.0.0.0/8'"
action: IGNORE
triage_engine.rs
pub struct TriageEngine {
heuristics: HeuristicSet,
llm_client: LLMTriage,
}
impl TriageEngine {
pub async fn evaluate(&self, alert: EDRAlert) {
if self.heuristics .is_false_positive(&alert) {
return Action::Suppress;
}
// Only the ambiguous reaches the LLM
let ctx = self.llm_client .triage(&alert).await?;
Ok(ctx.verdict())
}
}