

Oblivax: Silence the unknown
Open-source SOC powered by custom detection rules and deep threat emulation
About Us
What is Oblivax?
Oblivax is a next-generation security operations center (SOC) framework built on top of the open-source SELKS stack. While rooted in transparency and community-driven technology, Oblivax goes further by integrating a proprietary rule development program — Oblivax Forge — where advanced threats are recreated, analyzed, and transformed into precise detection mechanisms.
Open-source foundation
Built on the proven SELKS stack (Suricata, Elasticsearch, Logstash, Kibana, Scirius).
Custom rule development (Oblivax Forge)
In-house rules crafted through hands-on threat replication, traffic capture, and malware analysis.
Operational clarity
Whether you're a SOC analyst or an incident responder, our interface and rule logic are designed to reduce noise and highlight true threats.
Detection with context
Our rules are based on real-world behavior, not just static patterns.
Oblivax Forge

What is Oblivax Forge?
Oblivax Forge is our internal engine for precision detection — a full-spectrum rule development pipeline that goes far beyond automated feeds. Through live threat emulation, traffic capture, reverse engineering, and behavioral analysis, we generate high-fidelity Suricata rules that identify what others overlook.
- Step 1: Threat intelligence & CVE selection. We start by identifying relevant vulnerabilities and attack methods from OSINT, CVE databases, exploit kits, and malware repositories.
- Step 2: Controlled emulation. Each threat is recreated in a sandbox environment to observe its behavior and payload delivery.
- Step 3: Traffic capture & inspection. We use tools like Wireshark, Zeek, and tcpdump to capture packet-level activity for forensic and signature analysis.
- Step 4: Reverse engineering. We deconstruct payloads, binaries, and scripts to locate unique strings, protocol anomalies, TLS patterns, or other signature-worthy elements.
- Step 5: Rule drafting & tuning. Rules are authored in Suricata syntax, then optimized to minimize noise, avoid redundancy, and trigger only under clear malicious conditions.
- Step 6: Testing & validation. Each rule undergoes replay testing in various environments to ensure accuracy and low false-positive rates.

Our mission
Our mission is to bridge the gap between open-source flexibility and enterprise-grade detection. We believe that defenders should have full visibility into their tooling, and that true detection capability comes from context-rich, tailored rule creation.
Built on battle-tested foundations
Oblivax is built on top of the SELKS platform — an ecosystem of:
- Suricata (IDS/IPS)
- Elasticsearch
- Logstash
- Kibana
- Scirius
This stack enables efficient network security monitoring and deep visibility. What sets Oblivax apart is how we extend this with in-house rule engineering through Oblivax Forge.

Rule example – CVE-2023-21990 (Java RCE)
```
# Forge rule for CVE-2023-21990. All three content matches must hold on one
# established client-to-server HTTP flow: POST method, the vulnerable URI,
# and the exploit marker in the request body. "/vulnerable/endpoint" and
# "rce_payload_marker" are placeholders standing in for the real values.
# reference and classtype are standard Suricata metadata keywords.
alert http any any -> any any ( msg:"Oblivax Forge - CVE-2023-21990 RCE attempt"; flow:to_server,established; content:"POST"; http_method; content:"/vulnerable/endpoint"; http_uri; content:"rce_payload_marker"; http_client_body; reference:cve,2023-21990; classtype:web-application-attack; sid:4100001; rev:1; )
```
- This rule was created after fully reproducing the exploit in a lab and analyzing the resulting POST payload pattern.
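The replay-testing step (Step 6 of the Forge pipeline) applied to the rule above, as an added example that is not Oblivax's own tooling. It assumes the rule has already been replayed with Suricata against a known-exploit capture and a benign capture (`suricata -r <pcap> -S forge.rules -l <outdir>`), and it scores the resulting eve.json alert events: every known-exploit flow must alert, the benign capture must stay silent, and repeated alerts on one flow are flagged as noise. The eve.json lines are constructed for the example.

```python
"""Replay validation of a Forge-style Suricata rule (added example)."""
import json
from collections import Counter

SID_UNDER_TEST = 4100001  # sid of the CVE-2023-21990 rule on the page


def alerts_per_flow(eve_lines, sid):
    """Count alerts for one sid per flow_id across eve.json lines; other event types are ignored."""
    hits = Counter()
    for line in eve_lines:
        event = json.loads(line)
        if event.get("event_type") != "alert":
            continue
        if event["alert"]["signature_id"] == sid:
            hits[event["flow_id"]] += 1
    return hits


def validate_rule(sid, malicious_eve, malicious_flows, benign_eve):
    """Verdict for one rule: no missed exploit flows and no alerts on benign traffic.
    Duplicate alerts on a single flow do not fail the rule but are reported as noise."""
    mal = alerts_per_flow(malicious_eve, sid)
    ben = alerts_per_flow(benign_eve, sid)
    report = {
        "detected": sorted(f for f in malicious_flows if mal[f] >= 1),
        "missed": sorted(f for f in malicious_flows if mal[f] == 0),
        "duplicate_alerts": sorted(f for f, n in mal.items() if n > 1),
        "false_positives": sorted(ben),
    }
    report["passed"] = not report["missed"] and not report["false_positives"]
    return report


# Constructed eve.json lines standing in for two replay runs (not real captures).
# Flow 1 alerted twice, flow 2 (a second exploit attempt) produced no alert.
EVE_MALICIOUS = [
    '{"event_type":"alert","flow_id":1,"src_ip":"10.0.0.5","dest_ip":"10.0.0.9",'
    '"alert":{"signature_id":4100001,"rev":1,"signature":"Oblivax Forge - CVE-2023-21990 RCE attempt"}}',
    '{"event_type":"alert","flow_id":1,"src_ip":"10.0.0.5","dest_ip":"10.0.0.9",'
    '"alert":{"signature_id":4100001,"rev":1,"signature":"Oblivax Forge - CVE-2023-21990 RCE attempt"}}',
    '{"event_type":"http","flow_id":2,"http":{"http_method":"POST","url":"/vulnerable/endpoint"}}',
]
# Benign run: a plain GET to the same path and an alert from an unrelated sid (4100002, constructed).
EVE_BENIGN = [
    '{"event_type":"http","flow_id":7,"http":{"http_method":"GET","url":"/vulnerable/endpoint"}}',
    '{"event_type":"alert","flow_id":8,"alert":{"signature_id":4100002,"rev":1,"signature":"other rule"}}',
]

if __name__ == "__main__":
    print(validate_rule(SID_UNDER_TEST, EVE_MALICIOUS, {1, 2}, EVE_BENIGN))
```

With the constructed data the rule fails validation because flow 2 is missed, which is the signal to go back to Step 5 and retune rather than ship rev:1.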
Transparency
At Oblivax, transparency is a foundational principle — not just in how we communicate, but in how we build. We believe in open infrastructure, reproducible detection logic, and clear attribution of the technologies we depend on. This page outlines the core components of our platform, how we build upon them, and what remains proprietary.
Built on SELKS
Oblivax is based on the open-source SELKS stack developed by Stamus Networks. SELKS includes:
- Suricata (IDS/IPS engine)
- Elasticsearch (data indexing and search)
- Logstash (data pipeline)
- Kibana (visualization dashboard)
- Scirius (rule management UI)
We comply fully with the GNU General Public License v3 (GPLv3) and ensure that all modified or derived components are shared as required by the license.
What We Build Internally
While our foundation is open-source, Oblivax distinguishes itself through internal R&D. We:
- Create custom Suricata rules via our proprietary Oblivax Forge process
- Maintain detection signatures not available in public feeds
- Design tuning strategies to adapt open-source rules for real-world use cases
These proprietary components are developed, tested, and maintained in-house. We do not bundle them with SELKS directly, but integrate them within our own managed framework.
Contribution & Collaboration
We aim to support the community that made Oblivax possible. Where possible, we:
- Contribute bug fixes or enhancements back to relevant open-source projects
- Document our architecture and deployment principles clearly
- Disclose usage of any third-party code in our stack
Legal & Licensing
Open-source license compliance
Oblivax incorporates and builds upon technologies licensed under the GNU General Public License version 3 (GPLv3), primarily via the SELKS project developed by Stamus Networks. We fully respect and comply with all terms and conditions required by the GPLv3, including:
- Clear attribution to the original authors and maintainers
- Source code availability where modifications are made
- Unrestricted rights for users to inspect and reuse open components under the same license
"This product includes software developed by the SELKS project (https://github.com/StamusNetworks/SELKS)."
Proprietary components
While Oblivax is built on a GPL-licensed stack, the following components are developed in-house and remain proprietary:
- Custom Suricata detection rules developed via Oblivax Forge
- Integration, automation, and orchestration scripts
- UX/UI logic and visualization enhancements not included in SELKS
These elements are not derived from GPL components and do not require distribution under the GPL.
Trademarks & brand
"Oblivax" and the Oblivax logo are proprietary marks used to identify the project and its components. They may not be used without prior written permission for promotional, commercial, or derivative use.
We do not claim ownership or rights over the SELKS name, logo, or project.
Liability & disclaimer
Oblivax is provided "as is." While we strive for accuracy and reliability, we disclaim any liability for damage or loss caused by the use of this platform or its detection rules.
Contact
For legal questions, attribution inquiries, or licensing clarification, please contact us at:
Email: [email protected]
Plans & Deployment
🧩 Modular Selection
Pick only what you need. Perfect for businesses that want to start small and expand later. Custom pricing per module.
- Oblivax Monitor
- Oblivax Vulnerability Scanning & Reporting
- Oblivax IDS/IPS
- Oblivax Forge (custom rules)
🛡 Complete Protection
Full solution, better value. Bundled for maximum protection at a reduced cost.
- All Oblivax modules included (Monitor, Vulnerability Scanning, IDS/IPS, Forge)
- 24/7 monitoring
- Full reporting & dashboards
- Custom rules and incident response
- Customer dashboard (alerts, scans, incident reports, rule updates)
- Monthly executive reports
🖥 Deployment Options
Where do you want Oblivax to run? Choose between full control and full management.
- 🔹 On your infrastructure (ISO / OVA image installation)
- 🔹 On Oblivax managed servers (plug-and-play, no maintenance required)
Frequently Asked Questions
Everything you need to know about deploying Oblivax
1. Can I start with a single module and expand later?
Absolutely. With Oblivax, you can start with a single module such as Oblivax Monitor, and add additional modules like Vulnerability Scanning & Reporting, IDS/IPS, or Oblivax Forge whenever your business requires them. The system is designed to be modular and scalable, ensuring that expansions are seamless and without the need for a complete system reinstallation.
2. What is the difference between on-premises deployment and managed hosting?
Oblivax offers two deployment models:
- On-Premises Deployment: You receive an ISO or OVA image to install directly on your own infrastructure. This option gives you complete control over your data, operations, and system customization.
- Managed Hosting: Oblivax deploys and manages your environment on our secure servers. You benefit from a plug-and-play setup, automatic updates, 24/7 monitoring, and no infrastructure maintenance responsibilities.
Both options include full access to your monitoring dashboards and incident alerts.
3. Does the Complete Protection package include technical support?
Yes. The Complete Protection package comes with 24/7 premium technical support, including:
- Real-time incident response assistance
- Security tuning and onboarding sessions
- Ongoing system updates and rule optimizations
- Priority access to security analysts for custom investigations
You also receive full access to the Oblivax Customer Dashboard, where you can track alerts, scans, incidents, and system performance in real time.

Oblivax Forge

What is Oblivax Forge?
Oblivax Forge is our precision-engineered rule creation pipeline. Unlike automated feeds, Forge relies on deep manual research, live attack emulation, traffic analysis, and reverse engineering to craft context-rich, high-fidelity Suricata detection rules that stop real threats — not just the obvious ones.
- Track and analyze emerging CVEs, malware samples, and live exploit trends.
- Recreate real-world attacks in controlled, secure sandbox environments.
- Capture detailed network traffic using Wireshark, Zeek, and custom sniffers for forensic analysis.
- Reverse engineer payloads, binaries, scripts, and protocols to extract meaningful indicators.
- Draft Suricata rules focused on precision: minimal false positives, maximum context.
- Validate every rule through rigorous replay testing against multiple real-world datasets and scenarios.
Oblivax Monitor

What is Oblivax Monitor?
Oblivax Monitor is a fully managed, 24/7 detection and alerting service powered by the same advanced rule engine used internally by Oblivax. It provides real-time network monitoring, triage, and threat escalation, helping organizations stay ahead without being overwhelmed by false positives.
- Real-time monitoring of Suricata alerts, correlating events with threat intelligence feeds.
- First-level triage to distinguish real threats from noise, reducing the load on your internal team.
- Verified threat escalation based on defined SLAs and event severity.
- Weekly or daily reporting, providing summaries of detected threats and actionable recommendations.
- Deployment via secure VPN or TLS-forwarded event streams; no permanent infrastructure access required.
- Optional integration with customer SIEM, SOAR, or incident response playbooks.
Oblivax IDS/IPS

What is Oblivax IDS/IPS?
Oblivax IDS/IPS combines the proven power of Suricata with custom, real-world validated rules from Oblivax Forge, delivering smarter intrusion detection and active prevention tailored to modern threats.
- Built on Suricata – the leading open-source IDS/IPS engine, battle-tested and trusted globally.
- Enhanced with Oblivax Forge rules based on live threat emulation and malware reverse engineering.
- Behavioral detection beyond static signature matching — identify anomalies and advanced attack patterns.
- Full inspection of protocols: TLS, DNS, HTTP/HTTPS, and custom application layers.
- Flexible deployment: ISO/OVA image for on-premises use or cloud-hosted plug-and-play setups.
- Easy integration with existing SIEM, SOAR, or incident response workflows.
Oblivax Vulnerability Scanning & Reporting

What is Oblivax Vulnerability Scanning & Reporting?
Oblivax Vulnerability Scanning & Reporting helps organizations uncover weaknesses before attackers do. Through precision scanning and expert validation, we detect CVEs, misconfigurations, and insecure services, providing clear, prioritized remediation paths.
- Comprehensive scanning of operating systems, services, web applications, and network devices.
- Identification of known vulnerabilities (CVEs), default credentials, SSL/TLS misconfigurations, and insecure services.
- Optional credentialed scans for deep system inspection and patch validation.
- Context-aware threat classification and scoring, prioritizing real-world risk over generic CVSS scores.
- Manual analyst verification of critical findings to reduce false positives and noise.
- Clear, actionable reports delivered in PDF, dashboard view, or exportable formats for SIEM integration.
Ready to upgrade your detection?
Address
Splaiul Independenței 319, București 060044
Call Us
+40 0728 126 447