
SNYFT
All the features you need for effective security monitoring of your IT infrastructure.
Key Features
Everything you need for comprehensive security monitoring
Log Collection & Aggregation
- Lightweight agent for Windows and Linux
- Native integration with AWS, Azure, and GCP cloud logs
- Automatic collection of system and application logs
- Hybrid Storage model (Hot/Warm/Cold) for scale
- Precise search across current and archived logs
- Normalization and data enrichment
- Custom Lookup Datasets — upload CSV files to enrich search results with asset context
- Saved Search Queries — save and reuse frequently used queries
Visualization & Dashboards
- Pre-built dashboards for common use cases
- Incident Investigation with Entity Graphs
- Interactive charts and time series
- Host & User activity deep dive forensics
- Export reports for compliance and audit
- Platform Activity Audit Trail — full log of admin actions, logins, and alert changes; tamper-evident and exportable
- User Activity Timeline — per-user event timeline inside alert detail for rapid forensics
- Analyst Notes — add collaboration notes and observations to any alert during investigation
Threat Detection & UEBA
- Pre-configured rules for common threats
- User and Entity Behavior Analytics (UEBA) — Professional+
- Anomaly detection in user and system behavior
- Process Lineage & Beaconing Detection (C2) — Enterprise only
- Event correlation across systems
- Sigma detection rules from global catalog — up to 200 enabled (Professional+)
- Shadow mode rule lifecycle — safe testing of new detections before going live
- Correlated Events — view all events within ±30 minutes of any alert
Automatic Alerts & Integration
- Ticket creation in Jira (Professional+)
- Slack notifications
- Email notifications with incident details
- Alert prioritization by severity (CRITICAL / HIGH / MEDIUM / LOW / INFO)
- Response Playbooks with MITRE ATT&CK mapping — auto-suggested runbooks per incident type
- Alert Suppression Rules — permanently eliminate known false positives
Works with your favorite tools
Professional+
AI-Powered Investigation
Optional, Transparent, Under Your Control
SNYFT includes an optional AI layer built on Amazon Bedrock, operated within SNYFT's own AWS infrastructure. Your data never leaves our environment — no configuration required on your end.
- In-context investigation chat — ask natural language questions directly within any active incident
- Automatic triage assessment — AI suggests severity, confidence score, and recommended response
- AI executive reports — board-ready summaries generated in Czech and English from your real security data
- False positive prediction — ML-based alert scoring reduces analyst queue fatigue
- Powered by Amazon Bedrock within SNYFT's own AWS infrastructure — your data never leaves our environment
- Every AI output is labeled as AI-generated and traceable back to source data
- Fully opt-in — disable AI with one toggle; zero impact on core SIEM functionality
AI reports are generated in Czech and English — using terminology aligned with NIS2 and GDPR requirements.
On the Roadmap
Features we are actively working on.
Webhooks (outbound)
Customer-configurable webhook integrations to push alerts and events into your own systems.
SSO / Identity Provider
SAML and OIDC login support for enterprise identity providers.