KODCUK

Case Study


AegisSOC XDR

Radar-driven XDR visibility and automated response flows for a fintech platform with 1M active users.

Kafka, ClickHouse, S3, Sigma Rules, Threat Intelligence, SOAR

Project Details

The client generated 6-10 TB/day of security and platform telemetry across CloudTrail, EDR, WAF, IAM, and API gateway streams. Rising detection latency and alert noise were putting increasing operational pressure on the SOC.

We implemented a Kafka-based ingestion layer, tiered storage with ClickHouse and S3, Sigma-driven detection rules, and threat intelligence enrichment. SOAR playbooks were integrated with PagerDuty, Jira, and Slack to automate response orchestration.

Kodcuk Approach

Architecture decisions were shaped around scale, reliability, and operational clarity.

Key Delivery Layers

- A radar-style monitoring surface mapped threat flow progression in near real time.
- Rule tuning and enrichment quality controls reduced noisy detections.
- High-confidence cases triggered controlled actions such as token revocation, IP blocking, and host isolation; lower-confidence cases were routed to analysts instead.
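The detection and response chain described in the project details and the delivery layers above (Sigma-driven rules, threat-intelligence enrichment, and automated actions gated on confidence) can be sketched end to end in a few dozen lines. The example below is added here for illustration and is not Kodcuk's code or the AegisSOC implementation: the Sigma-style rule, the CloudTrail-shaped events, the indicator list, the `ProvisioningRole` name, the scoring weights and the `AUTO_ACTION_THRESHOLD` value are all constructed assumptions. It implements only the Sigma subset it needs (selection maps, list values as OR, `|contains` and `|startswith`, and conditions of the form `selection and not filter`), and playbook calls are represented as action names so it runs offline.

```python
"""Sigma-style detection, threat-intel enrichment and confidence-gated response.

Added example, not Kodcuk's code. The rule, the CloudTrail-shaped events and
the indicator list below are constructed for illustration.
"""

# Constructed Sigma-style rule, shown as already parsed from YAML.
RULE = {
    "title": "IAM credential creation outside provisioning role",
    "level": "high",
    "detection": {
        "selection": {
            "eventSource": "iam.amazonaws.com",
            "eventName": ["CreateAccessKey", "CreateLoginProfile"],  # list = OR
        },
        "filter": {
            "userIdentity.type": "AssumedRole",
            "userIdentity.arn|contains": "ProvisioningRole",  # hypothetical role name
        },
        "condition": "selection and not filter",
    },
}

TI_BAD_IPS = {"203.0.113.77"}  # constructed indicator (documentation range, not a real threat IP)

LEVEL_SCORE = {"low": 20, "medium": 40, "high": 60, "critical": 80}  # assumed weights
TI_BONUS = 30                 # assumed weight for a threat-intel hit
AUTO_ACTION_THRESHOLD = 85    # assumed tuning value: below this, humans decide


def flatten(obj, prefix=""):
    """Flatten nested JSON into dotted keys so Sigma field names such as
    'userIdentity.type' can be looked up directly."""
    out = {}
    for key, value in obj.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, path + "."))
        else:
            out[path] = value
    return out


def _field_matches(event, field_spec, expected):
    """One Sigma field entry: 'field' or 'field|modifier' against a value or list."""
    field, _, modifier = field_spec.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    actual = str(actual)
    for value in (expected if isinstance(expected, list) else [expected]):
        value = str(value)
        if modifier == "" and actual == value:
            return True
        if modifier == "contains" and value in actual:
            return True
        if modifier == "startswith" and actual.startswith(value):
            return True
    return False


def selection_matches(event, selection):
    # Every field in a selection map must match (AND); list values are OR.
    return all(_field_matches(event, f, v) for f, v in selection.items())


def rule_matches(rule, raw_event):
    """Evaluate conditions of the form '<sel> [and [not] <sel> ...]'."""
    event = flatten(raw_event)
    detection = rule["detection"]
    result = True
    for term in detection["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        hit = selection_matches(event, detection[name])
        result = result and (hit != negate)
    return result


def enrich(raw_event):
    """Attach threat-intel context; returns a copy with an 'enrichment' key."""
    ip = raw_event.get("sourceIPAddress")
    return {**raw_event, "enrichment": {"ti_hit": ip in TI_BAD_IPS}}


def confidence(rule, enriched):
    score = LEVEL_SCORE[rule["level"]]
    if enriched["enrichment"]["ti_hit"]:
        score += TI_BONUS
    return min(score, 100)


def decide(rule, raw_event):
    """Return None when the rule does not fire, otherwise (confidence, actions).
    Below the threshold the only action is a ticket for analyst review; at or
    above it, the controlled responses are queued as well."""
    if not rule_matches(rule, raw_event):
        return None
    enriched = enrich(raw_event)
    score = confidence(rule, enriched)
    if score < AUTO_ACTION_THRESHOLD:
        return score, ["open_ticket"]
    actions = ["open_ticket", "revoke_session_tokens"]
    if enriched["enrichment"]["ti_hit"]:
        actions.append(f"block_ip:{raw_event['sourceIPAddress']}")
    return score, actions


# Constructed CloudTrail-shaped events (account ID and IPs are placeholders).
EVENTS = [
    {   # key created by a plain IAM user from a TI-flagged IP -> automated response
        "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
        "sourceIPAddress": "203.0.113.77",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
    },
    {   # same API call from the provisioning role -> suppressed by the filter
        "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
        "sourceIPAddress": "198.51.100.5",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/ProvisioningRole/ci"},
    },
    {   # rule fires but no TI hit -> ticket only, analyst decides
        "eventSource": "iam.amazonaws.com", "eventName": "CreateLoginProfile",
        "sourceIPAddress": "198.51.100.9",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
    },
]


def run(events=EVENTS, rule=RULE):
    return [decide(rule, event) for event in events]


if __name__ == "__main__":
    for event, outcome in zip(EVENTS, run()):
        print(event["eventName"], event["sourceIPAddress"], "->", outcome)
```

The point of the gate is that the same rule produces two different outcomes: the event with an indicator match clears the threshold and queues token revocation and an IP block, while the otherwise identical event without enrichment only opens a ticket. Tuning noisy detections, as the delivery layers above describe, then means adjusting filters and enrichment quality rather than disabling automated response wholesale.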

Measured Outcomes

MTTD: 3.5 hours to 24 minutes

False positive rate: 34% to 18%

MTTR: 39% improvement
