Early development · Alpha Q4 2026

Incident response docs,
without the chaos.

Self-hosted IR workspace for SOC teams. Timeline-first, local-AI assisted, SharePoint-synced. Deploy in under 3 minutes.

🐳 Docker in <3 min 🔒 Self-hosted AGPL-3.0 🤖 Local AI (Ollama)
🔍 VirusTotal
🛡️ AbuseIPDB
🕵️ Shodan
🔑 Azure AD / Entra
📤 SharePoint
🤖 Ollama / Claude / OpenAI

Everything your SOC team needs.
Nothing they don't.

From first alert to final report — all in one self-hosted workspace. Free, open-source, yours.

🕐
Timeline-First Investigation
The timeline is the central record. Add entries by type, auto-timestamp, paste screenshots, drag to reorder. IOCs in your text are auto-detected on save.
🎯
IOC Auto-Enrichment
Paste any text — IPs, domains, hashes, emails auto-detected. VirusTotal + AbuseIPDB + Shodan fire on add.
🌐 Domain: support-verify.xyz
🔢 IP: 185.220.101.47
VT + AbuseIPDB + Shodan
🤖
Local AI Reports
Runs Ollama locally. Generates executive summaries and analyst recommendations. No data leaves your network.
Ollama
📊
Report Template Builder
Compose reports from drag-and-drop blocks. Save named templates per audience — management, analysts, legal.
⋮⋮ 📄 Cover Page
⋮⋮ 📊 Stat Row: severity · duration
⋮⋮ 🤖 AI Narrative: local Ollama
PDF
📤
SharePoint Auto-Sync
Every update regenerates the management brief on SharePoint. 60s debounce. Management opens a link — no logins.
Last synced 2 min ago
Structured Task Playbooks
Phase-grouped checklists load from the incident template the moment a case opens. Always visible on the right side.
Validate phishing report
Block domain at DNS
Reset 3 compromised accounts
Report Builder

Reports for every audience

Compose reports from drag-and-drop field blocks. Save named templates per audience. Management gets executive language; analysts get full technical depth; legal gets the compliance structure.

📊
Management Brief
Executive summary, stat row, active IOCs, AI narrative, containment actions.
🔬
Technical Report
Full timeline, all IOCs with enrichment scores, evidence register, task checklist.
⚖️
Legal / Compliance
Root cause, detection timeline, affected data, regulatory obligations, preventive actions.
📄 PDF
Report Template Builder — Management Brief Preview ↗
⋮⋮ 📄 Cover Page: title, ref, severity
⋮⋮ 📊 Stat Row: severity · duration · users
⋮⋮ 📝 Executive Summary: incident.exec_summary
⋮⋮ 🤖 AI Narrative: local Ollama
⋮⋮ 🎯 IOC Table: filter: active
⋮⋮ 🕐 Timeline: filter: containment

Add Block

📋 Text Block
📎 Evidence Reg.
H Header
── Divider
Page Break
📤

SharePoint Auto-Sync — INC-2026-0315

SEV-1 Phishing — Finance Team INC-2026-0315
SharePoint Sync — Active
Template: Management Brief
Trigger: On every change (60s debounce)
Destination: /sites/SOC/IR Reports/
Last synced 2 minutes ago
Recent Sync Events
11:33 📤 Report rendered → uploaded to SharePoint
11:32 ✓ New timeline entry → sync queued
11:15 📤 Document updated → management notified
SharePoint Auto-Sync

Management is always up to date

Every update to the incident — new timeline entry, task ticked, IOC added — regenerates the management document on SharePoint automatically. No manual steps. No stale reports.

60-second debounce
Rapid changes don't fire multiple uploads. Waits 60 seconds of quiet, then renders and uploads once.
🔐
They never need IRDoc access
Management reads a SharePoint document — the tool they already use. No new logins, no training.

Built in the open.
Shipping Q4 2026.

Everything listed as shipped is already in the codebase. Alpha puts it in your hands.

Core Incident Workspace
Timeline-first investigation with entry types (detection, analysis, containment), IOC management with auto-enrichment, evidence attachments, structured task playbooks, and investigation graph.
✓ Shipped
Report Builder + Local AI
Drag-and-drop template builder composing reports from field blocks. PDF, DOCX, Markdown export. Local Ollama AI for executive summaries and analyst recommendations — no data leaves your network.
✓ Shipped
SharePoint Auto-Sync
Debounced automatic push to SharePoint on every incident update. Management reads a link — no IRDoc access required.
✓ Shipped
Integrations + Enterprise Auth
VirusTotal, AbuseIPDB, Shodan. OIDC SSO (Entra ID / Azure AD). Inbound webhook API for any ticketing tool.
✓ Shipped
Alpha Release
First public release for early testers. Self-hosted via Docker Compose in under 3 minutes. Open invitation to everyone on this waitlist.
⚡ Q4 2026
Multi-tenancy + MSSP Mode
Full org isolation, immutable audit log, custom branding, and MSSP-ready architecture for managing multiple clients.
2027

Stop writing incident
reports by hand.

IRDoc alpha ships Q4 2026. Enter your email and we'll send you an invite — no marketing, no SaaS pitch, just access when it's ready.


Your email goes to our Brevo list · No spam, no SaaS pitch