Security Operations Center · 100% designed by SYLink

SYLink SOC — sovereign 24/7 AI detection

SYLink SOC combines a DPI probe, an EDR agent and the SYLink AI model in a platform entirely designed by SYLink. 24/7 detection, French analysts, NIS2 / GDPR compliance. Hosted in France via our sovereign partners (Unitel HDS V2, OVH ISO 27032, Ikoula, Scaleway, O2Switch).

For HDS V2-certified healthcare needs, the joint offering UniSOC (Unitel + SYLink partnership) deploys SYLink SOC on Unitel's HDS V2-qualified infrastructure.

  • Detection: 24/7
  • Sovereignty: 100% FR
  • AI backbone: SYLink AI
  • Response: < 15 min

DPI + EDR + AI + FR analyst

SYLink SOC architecture

Three signal sources converge on the SYLink SOC platform, which correlates them through SYLink AI before final qualification by a French analyst.

DPI probe (Mini / Pro / VM) + EDR agent (Win / macOS / Linux) + SYLink AI (MoE 512 experts) → SYLink SOC (Sovereign AI SOC) → FR analyst (Final decision) → Response (Containment < 15 min)

Technical promises

Four SYLink SOC pillars

  • Multi-source detection

    SIEM logs, EDR agents (Windows / macOS / Linux), DPI probes (up to 70,000 IPs), darkweb, Wi-Fi, Activity (Windows Event ID). One single correlation point.

  • SYLink AI engine

    Triage augmented by SYLink AI (MoE, ~3B active / token). Weak-signal correlation, prioritization by real risk. Humans remain the decision-makers.

  • Incident response

    Containment, eradication, restoration from clean backups, regulator report. French 24/7 hotline, no outsourcing outside the EU.

  • Threat hunting

    Hypotheses guided by MITRE ATT&CK, proactive exploration of weak indicators, detection-rule updates.

From raw log to decision

Analysis pipeline

  1. Collection

    EDR agents, DPI Mini / Pro / VM probes, Activity, Leaks, Vizu, application logs.

  2. Normalization

    Unified CIM format, enrichment with business context, MITRE ATT&CK and CVE mapping.

  3. AI detection

    Sigma / YARA rules + SYLink AI analysis. 3-level triage (info, suspect, critical).

  4. FR analyst

    Human validation, contextual qualification, response decision — always by a French analyst.

  5. Response

    Automated or guided containment, escalation to CERT, hotline for the CISO, post-incident report.

  6. Learning

    Lessons learned, rule updates, model retraining, shared threat intelligence.

Operational scope

Services covered

  • Alert triage

    All alerts are qualified, never lost. Noise reduced by 70%.

  • Investigation

    Memory / disk / network forensics, multi-stage reconstruction.

  • Threat hunting

    MITRE ATT&CK hypotheses, proactive search across 5 years of DPI storage.

  • Containment

    Network isolation, accounts disabled, perimeter hardened within minutes.

  • Regulator reporting

    Incident report for the regulator, support for internal and customer communications.

  • Compliance

    NIS2, ISO 27001, HDS, PSSIE reporting — your compliance is continuously attested.

Target audiences

For whom

  • Local authorities

    Towns, EPCI, regions — pooled supervision, PSSIE compliance.

  • SMB / Mid-market

    NIS2 compliance, remote work, multi-site — SOC included in the advanced pack.

  • Large groups

    Augmentation of your internal SOC, for your sovereign assets.

  • Hospitals

    Care continuity, HDS compliance, integration into the hospital IT system.

  • OIV / OSE

    Sovereign SOC compliant with LPM, no outsourcing outside the EU.

  • MSP

    Multi-tenant, white-label, recurring margins for your managed offering.

NL hunting · UEBA · narrative · scoring

Describe your need — AI builds the dashboard

No need to write Splunk SPL queries or hand-craft Sigma rules to explore your logs. Your analysts — or even a non-technical CISO — describe their question in plain language. SYLink AI (on-premise, Blackwell GPU) generates the right dashboard: filters, panels, KPIs, drill-downs. No outbound query, no call to OpenAI, no log sent outside France.

Analyst prompt (analyst, CISO, executive):

“Show me admin accounts that signed in from a new country this week”

SYLink AI engine (SYLink AI · on-premise):

  • UEBA

    Anomalous behaviors

  • NL Hunting

    Natural-language queries

  • Narrative

    Attack-chain reconstruction

  • Scoring

    Prioritization by real risk

Zero outbound queries · on-prem LLM Blackwell GPU

Generated dashboard (generated in under 5 seconds): 12 new countries, 47 sessions, 3 critical.

  • 192.168.4.21 · admin@corp · 🇩🇪 DE
  • 10.0.2.55 · root@infra · 🇸🇬 SG
  • 172.16.1.4 · ops@corp · 🇧🇷 BR

MTTD < 5 min

Detection in minutes, not months

Where traditional SOCs show an MTTD of 194 days, SYLink SOC measures 5 minutes for covered MITRE techniques.

0 outbound tokens

Pure on-premise LLM

Ollama + Sylink2:27b on Blackwell GPU hosted at Unitel Marseille (HDS V2). No request to OpenAI, Mistral cloud, or any other third party.

HDS V2 + ISO 27001

Sovereignty in writing

French Unitel datacenter certified HDS V2 and ISO 27001:2022. Updates are deployed as a 5/25/100% canary rollout, with tenant isolation guaranteed.

Unitel partnership for healthcare

UniSOC option — HDS V2 hosting

unisoc.fr

SYLink SOC deployed on Unitel HDS V2 infrastructure

UniSOC is the joint offering launched with Unitel at Forum InCyber Europe 2026: SYLink SOC technology operated on Unitel's HDS V2-qualified infrastructure. Target: hospitals, clinics, ESMS, medical practices and local authorities handling health data. The technology remains 100% SYLink (AI, DPI probes, EDR); Unitel provides sovereign hosting and healthcare-qualified storage.


Launch your sovereign SOC

30-day POC on a pilot perimeter, integration with the existing SIEM, CISO support. No outsourcing outside the EU, ever.