AI triages. A hash chain proves it. Regulators accept it.
Transform Sentinel and CrowdStrike alerts into audit-grade evidence. An AI agent handles deep analysis, and a per-tenant SHA-256 hash chain secures every event, so ResilienceChain creates a verifiable record of truth. Instantly generate NCSC CAF compliance packs or execute secure, cross-tenant sharing for seamless collaboration.
Run the full NIST incident lifecycle, contain threats, and benchmark your MTTR, all from one workspace.
Microsoft Sentinel · opened 14m ago
LokBit deployment traced across FIN-SRV-03 and HR-WKS-14 via identical enc.elf hash. 72h deadline approaching; no REPORT action underway.
The problem
Alerts fire in the SIEM. Evidence fragments across EDR, email, Slack screenshots, PDFs. Regulator notifications miss the 72-hour NIS2 deadline because the report starts from zero. Cross-tenant handoffs happen over email.
Your SIEM fires. Your response lives in a disconnected doc. Every handoff means manual copy-paste and broken context.
Cross-tenant sharing happens over email. The audit trail lives on someone's laptop. Regulators can't independently verify anything.
Regulator notifications fail because drafting starts from zero. A week of Word-doc work that should take minutes.
How it works
Every step leaves an append-only trail in a per-tenant SHA-256 hash chain, so the incident timeline is independently verifiable.
Incident lifecycle
Each stage is a chained event. Skipping a stage is flagged by the Triage Agent; lingering in one triggers a regulatory-deadline warning on the incident card.
Platform
Every evidence file gets a full structured briefing - summary, IoCs, MITRE tactics, suggested actions, confidence. Incident-level triage correlates across files to flag lateral movement you'd otherwise miss.
Every event is SHA-256-chained per tenant. A regulator or external auditor can recompute the chain from exported events using only the published spec - no RC code required.
Every payload - AI analysis, webhook envelope, chain proof - is defined in a published JSON Schema. Partners write conforming code once; any RC tenant works.
Outcomes
Evidence Agent analysis in 20–30s. Triage plan in 30–40s. Coordinators stop reading raw logs to decide if the thing matters.
NCSC CAF-aligned HTML pack assembled from the chained events. What took a week of Word-doc drafting takes minutes.
Share an incident to your MSP, regulator, or sector peer with a scope. The receiver gets the full chain, cryptographically intact.
Auditors don't have to trust you - they compute the SHA-256 chain themselves against the published spec. No RC code. No intermediary.
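The recompute-it-yourself check described under Platform and in the outcome above, as an added example that is not ResilienceChain code and does not follow its published spec. The record layout (`seq`, `prev_hash`, `event`, `hash`), the canonical JSON form, the all-zero genesis value and the sample events are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed start-of-chain value, not taken from the RC spec

def event_hash(prev_hash, event):
    # Assumed canonical form: JSON with sorted keys and no whitespace, UTF-8.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build_chain(events):
    """Producer side: append-only records, each bound to its predecessor."""
    records, prev = [], GENESIS
    for seq, event in enumerate(events):
        digest = event_hash(prev, event)
        records.append({"seq": seq, "prev_hash": prev, "event": event, "hash": digest})
        prev = digest
    return records

def verify_chain(records, anchored_head=None):
    """Auditor side: recompute every link from the export; return (ok, reason)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev_hash"] != prev:
            return False, f"record {i}: prev_hash does not match predecessor"
        if event_hash(prev, rec["event"]) != rec["hash"]:
            return False, f"record {i}: payload does not match stored hash"
        prev = rec["hash"]
    # Truncation leaves a valid shorter chain: compare head to an out-of-band value.
    if anchored_head is not None and prev != anchored_head:
        return False, "head hash differs from anchored value"
    return True, "ok"

# Constructed sample events; stage names and fields are illustrative only.
SAMPLE = [
    {"stage": "DETECT", "source": "sentinel", "host": "FIN-SRV-03"},
    {"stage": "ANALYSE", "agent": "evidence", "confidence": 90},
    {"stage": "CONTAIN", "action": "isolate-host", "host": "FIN-SRV-03"},
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    head = chain[-1]["hash"]
    print(verify_chain(chain, head))       # intact export
    edited = json.loads(json.dumps(chain))
    edited[1]["event"]["confidence"] = 10
    print(verify_chain(edited, head))      # edited payload is caught
    print(verify_chain(chain[:-1]))        # truncation passes without an anchor
    print(verify_chain(chain[:-1], head))  # and fails once the head is anchored
```

An auditor who keeps the head hash from an earlier export can detect later truncation or a rewritten history, which recomputing the links alone cannot show.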
Pilot
The pilot programme wires ResilienceChain up to your real SIEM feed for 2–4 weeks. Run one incident through it end to end. Your regulator pack. Your coordinator reviewing the triage. Your chain proof.
2–4 week guided rollout on your SIEM feed.
For MSPs, forensics firms, and regulators building on the open schema.
Pricing
Free forever for small teams. During the pilot phase we onboard customers hands-on - Stripe self-serve billing lands after the first cohort.
Our pilot tenant receives synthetic Sentinel alerts every few minutes. Log in to the demo, watch the Evidence Agent analyse a ransomware log, and click the chain-verified badge to inspect the SHA-256 proof.