ABTDS

How ABTDS works.
Detection, triage, investigation, defence.

We're writing the deep-dive pages — Detection, Triage, Investigation, and Adaptive Defence. Below is the elevator version. Drop us a line if you want the full architecture walkthrough today.

Built differently

Three things every EDR should do.
Three things only ABTDS does at this price.

9-Factor Explainable Scoring

The radar that ends 'why did this fire?'

Every alert is decomposed into 9 weighted factors — IF (Isolation Forest) anomaly, failed logins, geo risk, time risk, baseline deviation, context flags, velocity, interaction bonus, threat intel. Each one shows its math, its threshold, and the per-user baseline it's measured against. Caps sum to exactly 100. No mystery scores.

Factor caps shown: IF anomaly 25 · failed logins 20 · geo risk 15 · +6 more

Gemini-Powered Triage

An on-call analyst on every CRITICAL

When an alert crosses HIGH, we ship the structured event to Gemini for analysis. Out comes the attack-type classification, a likely-actor verdict (self / external / unknown), a plain-English summary, and concrete SOC + user action recommendations. Indexed back onto the alert. Schema-locked. Nothing to read between the lines.

Output fields: attack type · likely actor · SOC actions · user actions

MITRE + Sigma + ML

Signature meets anomaly, not either-or

Every event is tagged with its MITRE technique and tactic. Sigma rules layer on top of Isolation Forest — so a known-bad command line fires HIGH even if the user's behaviour looks fine. Anomaly catches the novel; signatures catch the known. Both surface in the same triage queue with provenance shown.

Example tags: T1110.001 · r001 Encoded PS · T1041 · T1543.003
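As an added illustration (not ABTDS code) of the capped, explainable factor scoring described under 9-Factor Explainable Scoring and the Sigma-over-anomaly layering described above: the three caps the page shows (25, 20, 15) are used as given; the other six caps, the severity cut-offs, the per-factor formulas, the intel list and the sample baseline and event are assumed or constructed here.

```python
from statistics import quantiles

# Per-factor caps: the page shows three (IF anomaly 25, failed logins 20, geo risk 15);
# the other six are assumed here so that the caps sum to exactly 100.
CAPS = {"if_anomaly": 25, "failed_logins": 20, "geo_risk": 15, "time_risk": 10,
        "baseline_deviation": 10, "context_flags": 6, "velocity": 6,
        "interaction_bonus": 4, "threat_intel": 4}
BANDS = [(80, "CRITICAL"), (60, "HIGH"), (40, "MEDIUM"), (0, "LOW")]  # assumed cut-offs
INTEL_IPS = {"203.0.113.9"}  # constructed intel list (documentation address range)

def iqr_deviation(value, history):
    """IQRs above the user's median (0 if at or below it); needs >= 4 samples."""
    if len(history) < 4:
        return 0.0
    q1, med, q3 = quantiles(history, n=4)
    return max(0.0, (value - med) / max(q3 - q1, 1e-9))

def score_event(event, base, sigma_level=None):
    """Return total, severity and a per-factor breakdown (raw, cap, score, why)."""
    f = {}
    def add(name, raw, why):
        raw = round(raw, 1)
        f[name] = {"raw": raw, "cap": CAPS[name], "score": min(raw, CAPS[name]), "why": why}
    add("if_anomaly", 25 * event["if_score"], "Isolation Forest score x cap")
    d = iqr_deviation(event["failed_logins"], base["failed_logins"])
    add("failed_logins", 5 * d, f"{d:.1f} IQR above median failed logins")
    geo = event["country"] not in base["countries"]
    add("geo_risk", 15 if geo else 0, "country not in user's baseline" if geo else "known country")
    off = not (base["hours"][0] <= event["hour"] < base["hours"][1])
    add("time_risk", 10 if off else 0, f"hour {event['hour']} vs working hours {base['hours']}")
    d = iqr_deviation(event["bytes_out"], base["bytes_out"])
    add("baseline_deviation", 4 * d, f"{d:.1f} IQR above median bytes_out")
    add("context_flags", 3 * len(event["flags"]), f"flags {event['flags']}")
    d = iqr_deviation(event["events_per_min"], base["events_per_min"])
    add("velocity", 3 * d, f"{d:.1f} IQR above median event rate")
    add("interaction_bonus", 4 if geo and off else 0, "new country AND off-hours together")
    ti = event["src_ip"] in INTEL_IPS
    add("threat_intel", 4 if ti else 0, "source IP on intel list" if ti else "no intel match")
    total = sum(v["score"] for v in f.values())
    severity = next(band for cutoff, band in BANDS if total >= cutoff)
    # Signature layer: a Sigma match rated 'high' fires HIGH even if behaviour looks fine.
    if sigma_level == "high" and severity in ("LOW", "MEDIUM"):
        severity = "HIGH"
    return {"total": total, "severity": severity, "sigma": sigma_level, "factors": f}

# Constructed sample: one user's per-feature baseline and one suspicious off-hours event.
BASELINE = {"failed_logins": [0, 0, 1, 1, 2, 0, 1, 3], "bytes_out": [5, 8, 6, 9, 7, 6, 8, 10],
            "events_per_min": [2, 3, 2, 4, 3, 2, 3, 5], "countries": {"GB"}, "hours": (8, 19)}
EVENT = {"if_score": 0.8, "failed_logins": 9, "country": "RO", "hour": 3, "bytes_out": 40,
         "flags": ["new_device"], "events_per_min": 12, "src_ip": "203.0.113.9"}
```

On the constructed event `score_event(EVENT, BASELINE)` totals 92/100 (CRITICAL) with every factor carrying its raw value, cap and reason; a quiet event for the same user scores 2.5 (LOW) yet is raised to HIGH when passed with `sigma_level="high"`, which is the signature-over-anomaly behaviour the section describes.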

A tour

Four pages.
Everything you need. Nothing you don't.

Command Center

Live operational pulse

Severity counts, alert volume by hour, top-risk users, world map of foreign sources, adaptive defence state — one page. Updates every 10 seconds. Built for the IT manager who has 90 seconds between meetings.

Alert Inspector

Every alert, fully shown

9-factor radar. MITRE technique chip. Sigma rule provenance. Gemini analysis. Matched playbook from your library. Triage controls. WHOIS network ownership. VirusTotal verdict. All on one screen. No second clicks.

Investigation

Per-user baseline ribbons

When you drill into a user, every feature shows their median, IQR, and the deviation of recent events. Red traces where they crossed the 95th percentile. No more 'is this normal for j.morton?' — the answer is on the page.

Model Health

Adaptive defence, transparent

See the clean-event buffer fill. Watch retrains land — or get rejected by the canary check. The adversarial drift guard log shows every rejected poisoning sample with the user and reason. Auditable ML, not 'trust us'.

The right decision

If you're tired of alerts you can't explain, starting an ABTDS pilot is the right decision.

30 days. Up to 50 endpoints. No card. No call required to start. Real data, your VPS, your decision at the end.

Or email founders@abtds.io — we read every one