Q1: we shipped the ThreatGhost core
Q1 was about proving we could deliver an end-to-end SecOps flow in one console — not a slide deck. We focused on the path from raw telemetry to something an analyst can act on.
We shipped multi-format log ingestion (paste, file, API, syslog), normalization, and rule-based correlation with new detections for password spray, token abuse, and privilege escalation.
On top of that: a Kanban incident board, SOAR-style actions with admin/analyst roles, investigation timelines with PDF export, and THREATGHOST AI with LLM for log analysis and triage assistance.
Twelve intense months of building taught us that demos only matter when the backend is stable. Q1 gave us a platform we can put in front of real teams — which set up Q2.
Places are limited. We prioritize teams with a clear SecOps need (SOC, MSP, or internal security) and willingness to share structured feedback.