Frequently Asked Questions (FAQ)

SOC Guru is a SaaS platform by AlpenShield that enables organisations to run their own SOC or MDR service based on Microsoft Sentinel. It covers the full incident lifecycle - detection, enrichment, AI-driven triage, 24/7 alerting, mitigation, SLA, ticketing and reporting - without building the …
SOC Guru is designed for two primary audiences: MSSPs who want to build and operate their own branded MDR service, and enterprise organisations that want to run professional security operations in-house without hiring a full SOC team or an external MDR provider. The platform’s multi-tenancy and …
Traditional MDR providers operate your security on your behalf - you hand over control and receive alerts. SOC Guru takes a different approach: it enables you to run your own SOC operations with enterprise-grade tooling. You retain full visibility and control, your data stays in your own Microsoft …
SOC Guru is built on Microsoft Sentinel and integrates with the full Microsoft Security stack. It also supports every data source that Sentinel itself supports, which covers most EDR, firewall and other security vendors on the market.
You need an active Microsoft Azure subscription with a dedicated Resource Group for Microsoft Sentinel. For log sources beyond the Microsoft Security stack (e.g. firewalls, network devices), you are responsible for directing log data into Sentinel. AlpenShield provides Sentinel-side connector support …
SOC Guru supports hierarchical account levels and multi-tenancy. Parent nodes have full visibility into their own data and all child nodes, while child nodes see only their own data. Each node operates its own Microsoft Sentinel instance. This makes it ideal for MSSPs managing multiple customers, or …
The SOC Guru Agent is an AI-powered autonomous analyst layer that operates around the clock. It handles high-volume, repetitive tasks automatically: enriching incidents, executing containment actions, querying end-users for context, and closing incidents based on configurable confidence-level …
Based on operational experience, the SOC Guru Agent can automatically resolve incidents through AI-driven triage and auto-closure. Each incident receives a confidence score - when the score exceeds the threshold you configure, the incident is closed automatically. You set the rules: which severity …
Yes. SOC Guru offers multiple mitigation layers, all of which are configurable per customer. AI-triggered mitigation handles high-confidence threats automatically. Rule-based mitigation uses predefined playbooks via Sentinel Automation Rules. You can also define your own automatic mitigation rules …
SOC Guru uses a straightforward pricing model: a one-time setup fee plus a recurring monthly subscription. The monthly fee includes a base amount with a defined number of licensed users, plus a per-user fee for additional users above the included quantity. Exact pricing is agreed individually.
Yes, SOC Guru is fully white-labelable.
Yes. AlpenShield GmbH is certified to ISO/IEC 27001:2022. The SOC Guru service is operated in compliance with GDPR. All data processing details are documented in the Data Processing Agreement. Certification and audit reports are available upon request. Your log data in your Sentinel instance remains …
The onboarding process is designed to be completed within approximately two weeks, subject to your team’s availability and environment complexity. The process includes completing technical prerequisites on your side, AlpenShield verifying the environment and completing baselining, and then the …
During onboarding, you set up the technical prerequisites (Azure subscription, Sentinel resource group, Entra ID app registrations, log data configuration). AlpenShield verifies your environment, completes baselining of your Sentinel instance, deploys detection rules, and configures the automation and …
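The Sentinel-side prerequisites above (a resource group with a Log Analytics workspace, Sentinel enabled on it, a scoped role for an Entra ID app registration) and the rule-based mitigation layer from the earlier answer (a Sentinel Automation Rule that runs a playbook) can both be expressed declaratively. The following Bicep template is an added illustration written for this page; it is not AlpenShield's onboarding template. The workspace name, retention, the role granted to the platform's service principal and the playbook reference are all assumptions: use whatever AlpenShield's onboarding documentation actually specifies, and verify the role ID with `az role definition list --name "Microsoft Sentinel Responder"` before deploying.

```bicep
// Added example, not AlpenShield's own template. Deploy into the dedicated
// Sentinel resource group:  az deployment group create -g <rg> -f main.bicep \
//   -p platformPrincipalId=<objectId> playbookResourceId=<logicAppId>
targetScope = 'resourceGroup'

@description('Log Analytics workspace that Sentinel is enabled on (assumed name).')
param workspaceName string = 'law-sentinel-prod'
param location string = resourceGroup().location
@description('Retention in days for ingested logs (assumed value; set per policy).')
param retentionInDays int = 90
@description('Object ID of the service principal behind the Entra ID app registration.')
param platformPrincipalId string
@description('Resource ID of an existing Logic App playbook (placeholder you supply).')
param playbookResourceId string

// Built-in "Microsoft Sentinel Responder" role definition ID (verify with az cli).
// Assumed here as the least-privileged role that can still act on incidents; grant
// only what the platform needs, scoped to this resource group, never the subscription.
var sentinelResponderRoleId = '3e150937-b8fe-4cfb-8069-0eaf05ecd056'

// Log data lands in this workspace and therefore stays in your own tenant.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: { name: 'PerGB2018' }
    retentionInDays: retentionInDays
  }
}

// Enabling Sentinel on a workspace is modelled as the "default" onboarding state.
resource sentinel 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  name: 'default'
  scope: workspace
  properties: {}
}

// Scoped role assignment for the app registration's service principal.
resource platformAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(resourceGroup().id, platformPrincipalId, sentinelResponderRoleId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', sentinelResponderRoleId)
    principalId: platformPrincipalId
    principalType: 'ServicePrincipal'
  }
}

// Rule-based mitigation: when a new High-severity incident is created, run the
// containment playbook. Conditions and the playbook are assumptions for illustration.
resource highSeverityPlaybook 'Microsoft.SecurityInsights/automationRules@2023-02-01' = {
  name: guid(workspace.id, 'run-playbook-on-high-incidents')
  scope: workspace
  dependsOn: [ sentinel ]
  properties: {
    displayName: 'Run containment playbook on new High incidents'
    order: 1
    triggeringLogic: {
      isEnabled: true
      triggersOn: 'Incidents'
      triggersWhen: 'Created'
      conditions: [
        {
          conditionType: 'Property'
          conditionProperties: {
            propertyName: 'IncidentSeverity'
            operator: 'Equals'
            propertyValues: [ 'High' ]
          }
        }
      ]
    }
    actions: [
      {
        order: 1
        actionType: 'RunPlaybook'
        actionConfiguration: {
          logicAppResourceId: playbookResourceId
          tenantId: tenant().tenantId
        }
      }
    ]
  }
}
```

Two design points worth checking during your own onboarding: the role assignment is scoped to the resource group (via `targetScope = 'resourceGroup'`) rather than the subscription, so the app registration can act on incidents without reaching other workloads; and the automation rule depends on the onboarding state, so a deployment cannot create rules before Sentinel is actually enabled on the workspace.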
Log data ingested into Microsoft Sentinel resides exclusively in your Azure tenant — it is never transferred to AlpenShield. AlpenShield’s platform components are hosted in Azure Europe by default, with alternative regions available upon request.

See for yourself!

Do you want to learn more? We suggest you book a short, comprehensive demo of our Managed Sentinel Services right now. It will be worth your time!
