WarnHack
Flagship Product

WarnHack SIEM

Enterprise-grade Linux SIEM for Indian startups & SMEs

One agent. Full visibility. Automated response. Install in 30 seconds, monitor everything — IDS, IPS, FIM, rootkit scanning, centralized logs, and real-time dashboards.

  • 12 Built-in IDS Rules
  • 30s Install Time
  • ₹999 Starting Price/mo
  • 24/7 Automated Response
Why WarnHack?

Problems We Solve

Enterprise-level security shouldn't require enterprise-level budgets or teams.

  • Enterprise SIEMs cost ₹10L+/year → Starts at ₹999/month for 5 servers
  • No dedicated security team → Automated IDS + IPS handles detection & response 24/7
  • Logs scattered across servers → Centralized log ingestion, search & correlation
  • Rootkits go undetected for weeks → Scheduled rootkit scans with chkrootkit + rkhunter
  • File tampering noticed after damage → Real-time FIM with SHA-256 hashing
  • No cross-server attack visibility → Cross-server correlation engine detects campaigns

Core Features

Everything You Need in One Agent

A single lightweight Go binary that monitors everything on your Linux servers.

Intrusion Detection System — 12 Built-in Rules
Your servers are monitored around the clock with pattern-based detection. Plus: create your own custom rules with regex patterns, severity levels, and response actions.

  • SSH Brute Force: 5+ failures per IP in 60s
  • SSH Root Login: Any successful root SSH session
  • New User Created: useradd/adduser events
  • Sudo Abuse: 20+ sudo commands in 5 min
  • Port Scan: 20+ ports probed in 10s
  • New Listening Port: New LISTEN state detected
  • Cron Modification: Changes to /etc/cron*
  • SUID Binary: chmod 4xxx on new files
  • Reverse Shell: bash >/dev/tcp patterns
  • Web Scanner: 40+ 4xx responses in 60s
  • Passwd Modified: /etc/passwd hash change
  • SSH Config Changed: sshd_config modification
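
The count-based rules listed above (for instance SSH Brute Force: 5+ failures per IP in 60s) come down to a sliding-window counter per source. The following Go example is added here for illustration and is not WarnHack's agent code; the log line format, the names Scan and Sample, and the sample addresses are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Threshold from the rule list above: 5+ failures per IP in 60s.
const maxFailures, window = 5, 60 * time.Second

// Assumed log format: RFC 3339 timestamp, hostname, then the sshd message.
var failedRe = regexp.MustCompile(`^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port`)

// Scan returns each source IP that reaches the threshold inside the window (once per IP).
func Scan(lines []string) (out []string) {
	recent, alerted := map[string][]time.Time{}, map[string]bool{}
	for _, line := range lines {
		m := failedRe.FindStringSubmatch(line)
		if m == nil {
			continue // not a failed-password event
		}
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			continue // unparseable timestamp: skip rather than guess
		}
		ip := m[2] // per-IP lines are assumed to arrive in time order
		q := append(recent[ip], ts)
		for ts.Sub(q[0]) >= window { // expire failures older than the window
			q = q[1:]
		}
		recent[ip] = q
		if len(q) >= maxFailures && !alerted[ip] {
			alerted[ip] = true
			out = append(out, ip)
		}
	}
	return out
}

// Sample builds n constructed failure lines for ip, spaced gap apart.
func Sample(ip string, n int, gap time.Duration) (lines []string) {
	base := time.Date(2025, 1, 10, 10, 0, 0, 0, time.UTC)
	for i := 0; i < n; i++ {
		ts := base.Add(time.Duration(i) * gap).Format(time.RFC3339)
		lines = append(lines, ts+" web1 sshd[901]: Failed password for root from "+ip+" port 40000 ssh2")
	}
	return lines
}

func main() { fmt.Println(Scan(append(Sample("203.0.113.7", 5, 10*time.Second), Sample("198.51.100.9", 5, 90*time.Second)...))) }
```

A burst of five failures 10 seconds apart trips the rule, while the same number of failures 90 seconds apart never has more than one event inside the window.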

Real-Time Dashboard

12 Purpose-Built Dashboard Views

A modern glassmorphism UI built on Next.js 15 with live updates via WebSocket. All pages update in real-time — no manual refresh.

  • Overview: Security summary, active IPS blocks, FIM changes, rootkit status
  • Servers: Server list with status indicators, risk scores, tags
  • IPS Actions: Active blocks with countdown timers, history, manual block
  • FIM: File change timeline, hash diffs, critical file highlighting
  • Rootkit Scanner: Server status grid, scan history, detailed findings
  • Alerts: Filter, acknowledge, resolve, with severity badges
  • Logs: KQL search bar, saved searches, CSV export
  • Analytics: Event volume charts, top attackers, MTTD/MTTR metrics
  • Correlations: Cross-server attack visualization & attack graph
  • Compliance: SOC2/ISO 27001 scores, control status, report export
  • Threat Map: World map with severity-colored attack bubbles
  • Custom Dashboard: Drag-and-drop widget builder for creating your own views

Advanced Capabilities

Beyond Basic Monitoring

Risk Scoring Engine

Dynamic risk score 0-100 per server, updated every 60 seconds. Factors in alerts, IPS blocks, rootkit status, and FIM changes.

Cross-Server Correlation

Detects coordinated attacks targeting multiple servers. 5-minute correlation window with visual attack graph.

Threat Intelligence

Automatic IP reputation via AbuseIPDB. Known attackers (score ≥50) auto-escalate to critical severity.

Geo-IP Enrichment

MaxMind GeoLite2 integration. Every event enriched with country, city, coordinates. Powers the threat map.

AI Anomaly Detection

Z-score anomaly detection on event patterns. Learns normal baselines per server, flags statistical outliers.

Custom Dashboard Builder

Drag-and-drop widget placement. Mix metrics, alerts, logs. Save, share, and use on mobile.

Notifications

Multi-Channel Alerts

Get alerted wherever your team works. Severity filtering per channel, test notifications, and graceful degradation.

  • Email: SMTP-based with severity-colored templates
  • Slack: Webhook integration with color-coded attachments
  • Telegram: Bot API with emoji severity indicators
  • Webhook: Custom HTTP POST to any endpoint
  • PagerDuty: Events API v2 for on-call escalation

Security & Compliance

Enterprise-Grade Security

Authentication
  • JWT with access (15min) + refresh (7-day) token rotation
  • bcryptjs password hashing with cost factor 12
  • TOTP MFA — Google Authenticator, Authy
  • Agent Auth: x-agent-token + JWT + mTLS
  • 4 roles per tenant: Owner, Admin, Member, Viewer
API Security
  • Rate Limiting: Auth 15/15min · Agent 30/10s · API 100/min
  • Helmet.js — CSP, X-Frame-Options, HSTS
  • Strict CORS origin whitelist
  • Joi schema validation on every endpoint
  • Generic error messages — no info leakage
Data Protection
  • TLS 1.2+ enforced on all connections
  • MongoDB Atlas encryption at rest
  • mTLS with client certificates + CA verification
  • API keys SHA-256 hashed
  • MFA secrets excluded from all API responses
SOC 2 · ISO 27001 · Multi-Tenant Isolation · 90-Day Log Retention
Installation

One Command. That's It.

Auto-detects architecture, installs as systemd service, generates config, and starts monitoring immediately.

$ curl -sSL https://install.warnhack.io | bash
✓ Architecture detected: amd64
✓ Agent installed to /usr/local/bin/
✓ Systemd service created
✓ Config at /etc/warnhack/agent.yaml
🔒 WarnHack agent is now monitoring this server.

Tech Stack

Built With Modern Technology

  • Agent: Go 1.24 static binary (zero dependencies)
  • Backend: Node.js 20, Express 4, MongoDB Atlas, Redis
  • Frontend: Next.js 15, TypeScript, Tailwind CSS, Framer Motion
  • Analytics: ClickHouse (columnar storage, materialized views)
  • Auth: JWT + TOTP MFA + mTLS + bcryptjs
  • Real-time: Socket.io (WebSocket with fallback)

Pricing

Simple, Transparent Pricing

All plans include: real-time dashboard, log search, auto-updates, multi-tenant team management.

Free
₹0

2 Servers

100,000 Events/month

  • Basic monitoring
  • 5 IDS rules
  • Email alerts
Starter
₹999/mo

5 Servers

500,000 Events/month

  • Full IDS/IPS
  • FIM
  • Rootkit scanning
  • Slack/Telegram alerts
Most Popular
Pro
₹2,999/mo

25 Servers

5,000,000 Events/month

  • Cross-server correlation
  • Threat intel
  • Compliance
  • API access
Enterprise
Custom

Unlimited Servers

Unlimited Events/month

  • mTLS
  • Custom rules
  • PagerDuty
  • Dedicated support

Secure Your Servers Today

Install the WarnHack agent in 30 seconds and get full visibility into your Linux infrastructure. Start free — no credit card required.