New Incident Management + A.I. Summary

Your firewall logs are now turning into security intelligence.

Collects your FortiGate, MikroTik, WatchGuard and Keenetic logs and isolates real attacks with A.I. correlation. 5 incidents instead of 500 alerts — a SIEM that thinks like an analyst.

No credit card required, unlimited free use. Installation in 5 minutes.
KVKK & ISO 27001 compliant · Free plan
oxisec.com/incidents
INC-20260422-0075
Coordinated Attack on Port 6855 🇵🇱 🇧🇬 🇺🇸 · critical
Source IPs: 25 · Attempts: 184K · Duration: 34 min
12:34:05 203.0.113.45:58218 → port_scan ✓ detection
12:34:07 192.0.2.88:— → multi_source_attack
12:34:12 → Clustered to Incident: INC-0075
12:34:14 ✓ A.I. analysis: botnet coordination detected
99.9% blocking rate · Live: processing 2,147 logs/min
20+ attack patterns detected automatically
~100:5 alarm-to-incident compression ratio
4M+ logs/day on one server
15 min average time to resolution (MTTR)
How does it work?

Security operation in 3 steps.

Installation is not complicated. Your firewall is already sending syslog — we listen and interpret it.

01 · CONNECT

Connect firewall with syslog

Point your FortiGate, MikroTik, WatchGuard or Keenetic devices at the syslog IP. Installation takes 5 minutes, and a ready-made RouterOS script is provided. No additional software needs to be installed on the device.

02 · ANALYSIS

A.I. + correlation engine works

7-layer analysis: parser → GeoIP → threat intel → pattern match → A.I. scoring → correlation → incident clustering. Reduces noise, shows only real threats.

03 · TAKE ACTION

Manage incidents, generate reports

Each event comes with MITRE ATT&CK tags, timeline, access status. Confirm, resolve, mark false positive — MTTR is measured. KVKK and ISO 27001 reports are prepared automatically.

Capabilities

Enterprise SIEM, Turkish and accessible.

Splunk / QRadar-level features, but without the clutter. Designed specifically for installation.

Incident Management

Automatically clusters alarms into contextual incidents. 5 clustering rules, MITRE mapping, A.I. summary, access status detection.

20+ Attack Patterns

Port scan, SMTP brute, password spray, multi-stage campaign, after-hours access, mail flood — firewall + mail + Windows.

2FA + Audit Log

Two-step verification with Google Authenticator. All user actions are recorded. Audit-ready evidence for KVKK.

GeoIP + Threat Intel

IP location, ISP, abuse score. AbuseIPDB, Blocklist.de, Tor exit integration. Automatic blacklist and cooldown management.

Multi-Tenant

Multiple customers in one panel. Data isolation guaranteed. Ideal for MSSP and agencies. Separate report per tenant.

PWA · Mobile Compatible

Add it to the home screen on Android and iOS and use it as an application. Notifications, offline access, responsive design.

5651-Compliant Log Retention

Retention for the legally required period is built in. Hash-signed archives, audit reports, retention policy management.

A.I. Powered Analysis

A Turkish-language explanation for every high-scoring log, generated by the Oxi 6 model.

Auto Defense

Auto-Mode: IPs with a threat score of 90+ are blacklisted automatically. Integrated blocking with the firewall. All actions are recorded in the audit log.

Hunt A.I. Assistant NEW

Query your logs in natural language: "Were there any suspicious incidents last night?" The A.I. scans all logs, builds filters and shows the evidence. Conversation memory included.

Investigation Mode NEW

Run a 7-step analysis of an IP or user with one click: allowlist, past alarms, threat intel, geographic information, with an A.I. verdict.

e-mail Security Analytics NEW

Plesk/Postfix e-mail traffic: who sends to whom? SMTP brute-force detection, banner sweep, compromised-account analysis, outbound spam.

Forensic Bundles NEW

Incident archives signed with HMAC-SHA256, usable as court evidence. Integrity verification, chain of custody, 5651 compliant.

Auto-Mode A.I. NEW

A.I. dynamically learns thresholds and automatically filters false positives. 56 rules are automatically loaded depending on the device type. Activated with one click.

Webhook and Automation NEW

Slack, Teams, n8n, Jira, your own SOAR — critical events are sent via HMAC-signed HTTP POST. Retry logic included.

5651 e-mail Signing NEW

Plesk/Postfix mail logs are signed and archived with HMAC-SHA256. 2 years retention, court evidence, KVKK compliant.
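The HMAC-SHA256 signing behind the webhook delivery, the forensic bundles and the 5651 mail-log archives is the same primitive; the added example below (not oxisec's own code) shows the receiving end of a signed HTTP POST, binding a timestamp into the MAC so a captured delivery cannot be replayed and comparing in constant time. The header names, the shared secret and the event body are assumptions.

```python
import hashlib
import hmac
import json

# Constructed shared secret; in practice one per webhook endpoint, kept in config.
SECRET = b"constructed-demo-secret-change-me"
MAX_SKEW_SECONDS = 300   # deliveries older than 5 minutes are treated as replays

# Constructed critical-incident event in the shape of the example incident on this page.
EVENT = {
    "incident_code": "INC-20260422-0075",
    "severity": "critical",
    "access_status": "blocked",
    "source_ips": 25,
}

def canonical_body(event: dict) -> bytes:
    """Serialize deterministically so sender and receiver sign identical bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()

def _mac(secret: bytes, ts: int, body: bytes) -> str:
    # The timestamp is bound into the MAC so a captured delivery cannot be replayed later.
    return hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()

def sign(body: bytes, ts: int, secret: bytes = SECRET) -> dict:
    """Sender side: headers to attach to the HTTP POST (header names are assumed)."""
    return {"X-Signature-Timestamp": str(ts),
            "X-Signature-256": "sha256=" + _mac(secret, ts, body)}

def verify(body: bytes, headers: dict, now: int, secret: bytes = SECRET) -> bool:
    """Receiver side (Slack/Jira/SOAR endpoint): accept only fresh, untampered deliveries."""
    try:
        ts = int(headers["X-Signature-Timestamp"])
        given = headers["X-Signature-256"]
    except (KeyError, ValueError):
        return False
    if not given.startswith("sha256="):
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False   # stale or replayed delivery
    # Constant-time comparison: a plain == would leak the position of the first mismatch.
    return hmac.compare_digest(_mac(secret, ts, body), given[len("sha256="):])

if __name__ == "__main__":
    body = canonical_body(EVENT)
    hdrs = sign(body, 1776000000)
    print(verify(body, hdrs, 1776000010))          # True
    print(verify(body + b" ", hdrs, 1776000010))   # False: tampered body
```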

Live Dashboard v6

SSE alarm strip, MITRE heatmap, world map and customizable widgets — real-time updates while the panel is open.

Adaptive Parser

Unknown log formats are picked up in a learning phase; with approval and promotion from the panel they become an official device type (e.g. pfSense).

What you see

Business value, not log noise.

Raw logs are a nightmare; thousands flow through every second. We give you: "Describe what is happening right now in 5 sentences."

  • How many IPs attacked? — instantaneous counter, geographic distribution
  • Has the system been accessed? — blocked / partial / compromised
  • How long did it take? — start/end, number of attempts
  • MITRE ATT&CK map — attack tactics and techniques
  • What should I do? — A.I. recommendation, action buttons

# Example from a real incident
incident_code: "INC-20260422-0075"
title: "Coordinated Attack on Port 6855 — 25 IPs"
severity: critical
access_status: blocked          # 🛡 NO access to the system
metrics:
  source_ips: 25                # from different countries
  countries: ["PL", "BG", "US"]
  total_attempts: 184875
  blocked: 184875               # 100%
  duration_minutes: 34
MITRE:
  tactics: ["TA0001 — Initial Access"]
  techniques: ["T1190 — Exploit Public-Facing App"]
ai_summary: |
  An organized attack on the same port was carried out by 25 IPs from different countries.
  Bulletproof hosting infrastructure was used. All attempts were blocked by the firewall;
  access to the system was not obtained.
recommendation:
  - "Close Port 6855 from WAN"
  - "Permanently block offensive subnets"
  - "GeoIP filter: block foreign countries"
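The alarm-to-incident clustering described under Incident Management (many per-IP alarms on one port folded into a single multi_source_attack incident with the fields above) can be illustrated in a few lines; this is an added example, not oxisec's correlation engine, and the 60-minute window, the 5-source threshold, the severity cut-offs and the sample alarms are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alarms (not real oxisec output), one per blocked connection attempt
# as a firewall parser might emit them: (timestamp, source IP, country, dst port,
# attempts, firewall action). Uses documentation IP ranges only.
ALARMS = [
    ("2026-04-22 12:34:05", "203.0.113.45", "PL", 6855, 120, "deny"),
    ("2026-04-22 12:34:07", "192.0.2.88",   "BG", 6855,  95, "deny"),
    ("2026-04-22 12:35:40", "198.51.100.9", "US", 6855, 310, "deny"),
    ("2026-04-22 12:36:02", "203.0.113.77", "PL", 6855,  44, "deny"),
    ("2026-04-22 12:40:19", "192.0.2.14",   "BG", 6855, 200, "deny"),
    ("2026-04-22 12:41:00", "198.51.100.3", "US",   22,   7, "deny"),  # other port
    ("2026-04-22 14:30:00", "203.0.113.5",  "PL", 6855,   9, "deny"),  # outside window
]

WINDOW = timedelta(minutes=60)  # assumed rule: same port within 60 minutes
MIN_SOURCES = 5                 # assumed rule: 5+ distinct sources = coordinated

def cluster_incidents(alarms, window=WINDOW, min_sources=MIN_SOURCES):
    """Fold many per-IP alarms into one multi_source_attack incident per port
    and time window, producing the fields shown in the example incident."""
    by_port = defaultdict(list)
    for ts, ip, cc, port, n, action in sorted(alarms):
        by_port[port].append((datetime.fromisoformat(ts), ip, cc, n, action))
    incidents = []
    for port, rows in sorted(by_port.items()):
        i = 0
        while i < len(rows):  # rows are time-sorted, so each window is a contiguous run
            t0 = rows[i][0]
            group = [r for r in rows[i:] if r[0] - t0 <= window]
            ips = {r[1] for r in group}
            if len(ips) >= min_sources:
                total = sum(r[3] for r in group)
                blocked = sum(r[3] for r in group if r[4] == "deny")
                incidents.append({
                    "incident_code": f"INC-{t0:%Y%m%d}-{len(incidents) + 1:04d}",
                    "title": f"Coordinated Attack on Port {port} - {len(ips)} IPs",
                    "rule": "multi_source_attack",
                    "severity": "critical" if len(ips) >= 20 or total >= 100_000 else "high",
                    "access_status": "blocked" if blocked == total else "partial",
                    "source_ips": len(ips),
                    "countries": sorted({r[2] for r in group}),
                    "total_attempts": total,
                    "blocked": blocked,
                    "duration_minutes": int((group[-1][0] - t0).total_seconds() // 60),
                })
            i += len(group)
    return incidents
```

Seven alarms collapse into one incident here; the lone port-22 alarm and the late port-6855 alarm stay uncorrelated noise.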
Start

Start with the free plan.

No credit card required. 1 device, 500K logs/month, 7 days retention included. Installation in 15 minutes; see the first report the same day.