Flagship · ThreatRespond™ · Managed XDR

We monitor everything you already run,
and we act.

ThreatRespond™ is vendor-agnostic Managed XDR. Keep your EDR. Add our 24/7 SOC. When a threat appears, we don't send a ticket; we contain it.

In short

ThreatRespond™ is Vijilan's vendor-agnostic Managed XDR: "Your tools. Our SOC." It wraps a 24/7 US-based SOC around whatever EDR a client already runs (SentinelOne, Microsoft Defender, Carbon Black, CrowdStrike and more). The SOC advises at the Essential tier and acts directly from Advanced up via ThreatContain™, disabling accounts, isolating hosts, blocking IPs and suspending email domains. Four tiers (Essential, Advanced, Premium, Elite) each include ThreatLog™ SIEM with no data caps, and everything is white-labeled for MSPs, MSSPs and VARs.

Understand ThreatRespond In 90 Seconds

See how Vijilan's expert SOC turns complex alerts into clear, validated guidance your team can act on quickly.

How it works

Four steps.
No rip-and-replace.

01
Connect

ThreatRespond integrates with the EDR, identity and M365 the client already has. On-prem and network logs flow in through ThreatSensor™ (Cribl Stream).

02
Monitor

The 24/7 SOC watches everything through ThreatLog™ SIEM, with no data caps, ever.

03
Act

From Advanced up, the SOC takes direct action through ThreatContain™: disable accounts, isolate hosts, block IPs, suspend email domains.

04
Close the loop

Findings, response and reporting flow into the partner's PSA, fully white-labeled.

The tiers

Four packages.
One SOC behind them all.

The SOC advises at Essential and acts directly from Advanced up. ThreatLog™ SIEM with no data caps is included in every tier, something competitors charge extra for.

Essential
SOC advises · MSP executes

Endpoint, identity and M365, all monitored, 24/7. The foot-in-the-door tier.

  • 24/7 SOC monitoring, vendor-agnostic EDR (any endpoint tool)
  • Active Directory + Entra ID monitoring
  • Microsoft 365 monitoring (email, Teams, SharePoint)
  • Firewall & network logs via ThreatSensor™ (Cribl Stream)
  • ThreatLog™ SIEM: 90-day hot + 7-year archive, no data caps
  • Guided remediation · PSA automation · white-label
Most popular
Advanced
SOC acts directly

Full ITDR, active containment, the complete picture. This is the money tier.

  • Everything in Essential, plus:
  • ThreatContain™: disable accounts, isolate hosts, block IPs
  • Full ITDR (ThreatID™ Command): identity threat detection & response
  • ThreatWatch™: dark web credential monitoring
  • Cross-domain correlation · 1-year hot + 7-year archive
  • Compliance reporting: HIPAA, PCI DSS, NIST CSF, CMMC
Premium
SOC acts + hunts

Proactive threat hunting and compliance. CMMC-ready.

  • Everything in Advanced, plus:
  • ThreatHunt™: proactive hunting (MITRE ATT&CK playbooks)
  • ThreatSurface™: attack surface visibility
  • CMMC Level 2 audit evidence package
  • Dedicated concierge analyst
Elite
Concierge · by invitation

A named senior analyst and a custom program built around the client.

  • Everything in Premium, plus:
  • Named senior concierge analyst
  • Custom SLA · monthly threat intelligence briefing
  • IR retainer / vCISO access
  • Custom detection engineering for the environment
// pricing via Partner Portal · $500/mo platform minimum · 15% annual prepay discount · Elite by invitation
Coverage

Six domains.
Zero blind spots.

True mXDR means we watch the whole attack surface, and correlate signals single-tool providers miss.

Endpoint
EDR/XDR telemetry, process & file behavior, host isolation.
Identity
Anomalous sign-ins, MFA bypass, token theft, privilege escalation.
Network
Firewall, NDR, lateral movement, beaconing & C2 detection.
Cloud
AWS · Azure · GCP: misconfigs, IAM drift, workload threats.
Application
SaaS audit logs (M365, Google, Salesforce) and app-layer abuse.
Data
DLP signals, exfiltration patterns, ransomware staging behavior.
Add-ons · agent-agnostic

Extend the coverage.
No Falcon dependency.

ThreatRespond add-ons work with whatever the client already runs. Falcon-dependent capabilities live in ThreatDefend.

Identity

ThreatID™ Command

Standalone identity threat detection & response (ITDR) for any environment.

Hardening

ThreatHarden™

Security configuration hardening and posture management.

SaaS & cloud

SaaS & Cloud Security

Monitoring and response across SaaS and cloud workloads.

Browser

ThreatBrowse™

Browser security: agent-agnostic, no Falcon dependency.

Praxis AI Engine

Machine speed. Human judgment. One minute to contain.

Praxis is Vijilan's proprietary AI detection and investigation engine: the intelligence layer running inside our SOC on every alert, across every domain, before a human analyst acts. Praxis doesn't replace the human SOC; it makes our analysts operate at a speed and fidelity no purely human team can match.

Investigation

A LangGraph multi-agent pipeline auto-investigates every alert, correlating signals across all six domains simultaneously before presenting findings to the analyst.

Enrichment

IOC enrichment from threat intelligence feeds, MITRE ATT&CK technique mapping and severity scoring derived from real adversary behavior, not just CVE scores.

Triage

Automated alert triage separates confirmed threats from false positives before they reach a human analyst, reducing noise and ensuring every escalation is a real threat.

Context

RAG-powered threat context retrieves relevant historical patterns, similar incident precedents and client-specific environment data to inform every investigation decision.

LangGraph multi-agent · MITRE ATT&CK mapping · IOC enrichment · Auto-triage · Cross-domain correlation · RAG threat context · Behavioral scoring · Human SOC amplifier
What Praxis is not

Praxis is not an autonomous agent that replaces human judgment. It is a force multiplier: the AI layer that enriches, correlates and prioritizes so that human analysts spend their time on confirmed threats, not alert noise. Every containment decision is made by a trained human analyst informed by Praxis, not by an algorithm acting alone.

~1 min
Median time to contain across the Vijilan SOC. No configuration. No additional cost.
We're online · book a SOC walkthrough today

Your tools.
Our SOC.

Keep the stack your clients already run and add a 24/7 SOC that acts. We'll show you the platform live and how fast your first tenant can be online.