64 FEATURES · 9 MODULES · 1 CONSOLE

Everything you need.
Nothing you don't.

RookGuard unifies 64 cybersecurity features in a single platform: detection, investigation, response, compliance and intelligence. Every module is designed to work with the others — not to sell you another upsell.

64
Native features
9
Integrated modules
3,000+
Pre-wired Sigma rules
< 1h
Full deployment
01
Managed SOC
24/7 Security Operations Center
8 FEATURES
01

24/7 human monitoring

French-speaking analysts based in France, on duty day and night.

02

Automatic triage

Alert prioritization by criticality and business context.

03

NIS2 Playbooks

Over 40 pre-wired runbooks for every incident type.

04

Smart escalation

Targeted notification based on severity and time of day.

05

Digital forensics

Complete post-incident analysis with chain of evidence.

06

Proactive threat hunting

Active search for dormant threats in your environment.

07

Dedicated analyst

Named contact for Enterprise and MSP plans.

08

ANSSI reports

Automated incident declaration in regulatory format.

02
SIEM
Real-time event correlation
10 FEATURES
09

Multi-source collection

Unlimited log ingestion from any source.

10

Real-time correlation

Continuous analysis, detection in under 30 seconds.

11

Native Sigma rules

Over 3,000 community-maintained open source rules.

12

MITRE ATT&CK

Complete mapping of adversary tactics and techniques.

13

12-month retention

Long-term storage included with no per-GB surcharge.

14

Full-text search

Ultra-fast engine across all historical logs.

15

Customizable parsers

Create parsers for your proprietary sources.

16

IoC enrichment

Geolocation, WHOIS, live IP and domain reputation.

17

Custom dashboards

Customizable dashboards by team and role.

18

Multi-channel alerts

Email, Slack, Teams, webhook, SMS — you choose.

03
XDR
Extended detection and response
10 FEATURES
19

Lightweight endpoint agent

Under 30 MB in memory, CPU impact below 2%.

20

Behavioral EDR

Detection through process analysis, not signatures.

21

Network NDR

Lateral traffic analysis to detect adversary movement.

22

Cloud CWPP

AWS, Azure, GCP and OVH protection with configuration scanning.

23

Identity ITDR

Account abuse and privilege escalation detection.

24

Email protection

Anti-phishing filtering, attachment sandboxing.

25

Automatic isolation

Immediate quarantine of compromised machines.

26

Ransomware rollback

Instant restoration of encrypted files.

27

Process tree

Graphical visualization of an attack execution chain.

28

Dynamic sandboxing

Automatic detonation of suspicious files in an isolated environment.

04
AI Copilot
Virtual analyst in French, hosted in Europe
6 FEATURES
29

Alert explanation

Every alert decoded in clear language, understandable by non-experts.

30

Suggested remediation

Concrete action proposals with ready-to-use commands.

31

Executive reports

Automatic generation of monthly executive summaries.

32

NIS2 Audit

Automatic compliance check with per-domain scoring.

33

Contextual chat

Ask your questions, get sourced answers.

34

AI Sovereignty

No data leaves Europe. No training on your data.

05
Vulnerability Management
Continuous inventory and prioritization
6 FEATURES
35

Automatic inventory

Continuous discovery of all assets connected to your network.

36

Continuous CVE scanning

Known vulnerability detection without manual intervention.

37

Risk-based prioritization

EPSS ranking + business context to focus effort.

38

Patching workflows

Patch campaign orchestration with tracking.

39

Remediation tracking

Vulnerability lifecycle tracking from detection to closure.

40

Shodan integration

Monitoring of your public Internet exposure.

06
NIS2 Compliance
Complete coverage of European obligations
8 FEATURES
41

NIS2 Mapping

All NIS2 controls mapped and tracked automatically.

42

Evidence collection

Automatic capture of compliance evidence for audits.

43

Gap analysis

Quarterly compliance gap analysis with action plan.

44

Policy library

Ready-to-adopt and customizable policy templates.

45

ANSSI Declaration

Pre-filled forms for 24h/72h incident declarations.

46

Board reports

Governance-oriented summaries for your executive bodies.

47

Risk register

Dynamic register with scoring and treatment plan.

48

Supply chain

Cyber assessment of your critical suppliers.

07
Threat Intelligence
Contextual cyber intelligence
4 FEATURES
49

Exclusive IoC feeds

Indicators of compromise updated every 15 minutes.

50

APT actor profiles

Detailed profiles of groups targeting your sector.

51

Campaign tracking

Active campaign tracking by sector and geography.

52

TLP management

Strict adherence to Traffic Light Protocol classifications.

08
Dark Web Monitoring
Underground marketplace monitoring
4 FEATURES
53

Credential monitoring

Immediate alert if a company password leaks.

54

Brand monitoring

Detection of brand mentions on underground forums.

55

Data leaks

Early identification of exposed databases related to you.

56

Real-time alerts

Notification within minutes of detecting an exposure.

09
Integrations
Open by design, interoperable everywhere
8 FEATURES
57

Slack / Teams / Discord

Native notifications and response commands from your channels.

58

Microsoft 365 / Google

Authentication and messaging log ingestion.

59

Active Directory / LDAP

User synchronization and anomaly detection.

60

Firewalls

Fortinet, Palo Alto, Check Point, pfSense, Stormshield connectors.

61

Third-party SIEM

Export to Splunk, Elastic, QRadar if you keep an existing SIEM.

62

Custom webhooks

Trigger any external workflow on events.

63

Complete REST API

Everything visible in the console is accessible via API.

64

SSO SAML / OIDC

Unified authentication with your existing IdP.

64 features.
One decision.

Start a 14-day trial. No credit card. Everything activated by default.