Capabilities - Augmenta Cyber Security

Capability 01 / Xaelo

Xaelo - automated triage & case orchestration.

Xaelo is our custom software platform for strict compliance, fraud prevention and budget efficiency. It acts as the central backbone of our security team - pulling in data, adding helpful context, labelling the threat type, and passing each case to the right level of engineer.

Unlike standard commercial security-automation tools (SOAR) that take months of tedious coding to set up, Xaelo is shaped to our operating model from the ground up - which lowers operational cost and shortens onboarding.

It is split into small, locked, heavily encrypted compartments. To log into Xaelo, users must first go through our master security gatekeeper, which controls access to every other company server and database.

Bespoke Triage Enrichment Case routing

Xaelo triage engine Live

142

events / min

14.2 k

processed today

3

tier queues

Pipeline enrich → classify → route

Enrich

142/m

→

Classify

142/m

→

Route

84/m

Case in flight INC-2026-0142

family: credential-stuffing

0.92

Routed → Tier 2 queue

Tier routing last 1 h

Tier 1

64

Tier 2

18

IR

2

Capability 02 / Vault

Zero‑trust secrets & identity.

Our HashiCorp Vault deployment is the foundation of our identity model. Human access is mediated by Active Directory via LDAP; applications authenticate via AppRole with response‑wrapped SECRET_IDs. Database access uses dynamic credentials, scoped per‑application.

Every privileged operation is logged with a request identifier, source address and authenticated identity, and shipped to our SIEM. If audit logging fails, the platform fails closed.

LDAPS AppRole Dynamic DB creds HMAC audit SoD enforced

Identity model

Domain	Examples	Scope
Vault platform	vault‑admin, vault‑operator, vault‑auditor	Platform administration, KV, audit
CSOC operations	csoc‑tier1, csoc‑ir, csoc‑engineer	Tiered, secret/csoc/**
Applications	fga‑app, sirp‑backend, soc‑triage	AppRole, per-app KV + dynamic DB

Manager and Auditor roles are explicitly forbidden from overlapping - verified weekly.

Capability 03 / Tiko‑Ceemo

Real-Time Infrastructure Events Alerting.

Tiko‑Ceemo is our state‑change alerting service. It dispatches critical alerts over the Meta WhatsApp Business API and piggy‑backs over the WhatsApp messaging tunnel, improving the movement of the traffic. Alerts fire only on state transitions, which keeps the channel meaningful and within WhatsApp’s policy envelope, and minimises data‑costs to engineering and technical staff.

The implementation supports multiple recipients, runs against a temporary or permanent system‑user token, and is ready for an optional webhook to receive delivery status and replies.

Meta WhatsApp API State-change Approved structure Multi-recipient Webhook-ready

9:41 5G

Tiko-Ceemo 7 services · 1 down

All Internet Power

Internet

ISP3 - Microwave DOWN

since 14:32 SAST · last reachable 12 m ago

ISP2 - LTE DEGRADED

jitter 42 ms · down 18 Mb · last 5 m

ISP1 - Fibre UP

220 Mb / 110 Mb · 14 ms · last check 30s

Electricity

Mains power UP

230 V · 49.9 Hz · last check 30s

Generator STANDBY

0 h runtime · 84 L fuel · tested 3 d ago

Solar inverter UP

3.2 kW · today 18 kWh · last 1 m

UPS battery UP

98% charge · runtime 42 m · last 1 m

Servers Alerts Settings

Capability 04 / Sentinel

Automated firewall audit.

Sentinel continuously compares firewall configurations against a client‑specific baseline and against industry standards. Each drift produces a finding: severity, owner, recommended remediation, and the diff that caused it.

Findings are shipped to the SIEM and surfaced in a living register, queryable by analyst tier or by client unit. The output is evidence, not a static PDF.

Baselines Industry standards Drift detection Continuous SIEM-queryable

A finding looks like

Severity	High
Rule	Inbound ANY → mgmt port
Baseline	Deny outside corp‑jump
Detected	2026‑05‑21 09:14 UTC
Owner	Platform/Networks
Remediation	Restrict source, request change ticket

Capability 05 / Intelligence Sharing

Regulator‑grade intelligence sharing.

A structured platform that allows us to securely report incidents to the regulators of the markets we operate in. It enforces consistent reporting taxonomy, supports redaction policies, and produces a signed submission envelope that the regulator can verify independently.

The platform also archives historical submissions. When a regulator asks “has this happened before, and what did you do?” the answer is a query, not a project.

Signed envelopes Taxonomy-driven Redaction Auditable archive

Submission Pipeline #INC-2026-0142

01

Taxonomy enforced

schema incident.v2 · 14 fields validated

✓
02

Redaction applied

3 PII fields masked · policy v1.4

✓
03

Envelope signed

ed25519 + sha-256 manifest

✓
04

Archived (immutable)

urn:augcyba:submission:0142

✓
05

Delivered to regulator

BoB CSIRT · structured JSON-LD

✓

Envelope signature Verified

Algorithm

ed25519 + sha-256

Issuer

augmenta-csoc

Recipient

BoB · CSIRT

Signed at

14:32:18 SAST

Fingerprint a5e4 f29c 08d3 7b6a c5e1 9f2b 4a8d 6e3f

The platforms we have built in‑house.