In the age before memory, the Greeks called him Nereus — the Old Man of the Sea. Not a god of storms or conquest, but of truth. He alone among the immortals could not deceive. He saw what was coming before it arrived, and spoke it plainly to those wise enough to ask. The sailors who sought his counsel did not receive comfort — they received clarity.

That is the name we carry. Every pulse is a whisper from the deep — a signal detected, scored, and converted into a warning before the wave breaks. Not noise. Not conjecture. Foresight, delivered as an alert.

Know Every Threat.
Before It Becomes a Breach.

Nereus Pulse monitors your Windows infrastructure and Azure Entra ID environment in real time. A multi-signal anomaly detection engine scores every event and surfaces prioritised alerts — so your team hunts threats, not logs.

nereus-pulse — live alerts
04/01 03:12:44 CRITICAL Lateral movement detected — WMI exec from DC01 to FILESERVER02
04/01 03:11:58 HIGH New scheduled task created on WORKSTATION-07 outside business hours
04/01 03:10:31 HIGH Pass-the-Hash pattern — NTLM auth with mismatched source host
04/01 03:09:02 MEDIUM Azure sign-in from impossible travel location: London → Seoul (14 min)
04/01 03:07:44 MEDIUM Security-enabled group modified — member added to Domain Admins
04/01 03:06:19 LOW Baseline deviation: 340% above avg logon rate for jsmith@corp.local
REAL Time Alerts
500+ Threat Patterns
Multi Tenant Ready
Platform Capabilities

Everything your SOC needs.
To uncover potential attacks in real time

Purpose-built for Windows-centric on premise environments and Azure Entra ID. No agents to babysit. No alert storms to wade through.

Intelligent Anomaly Detection

Every event is scored across multiple independent signals — time-of-day deviation, source host reputation, privilege escalation patterns, lateral movement indicators, and more. Risk scores are calculated in milliseconds, not minutes.

Windows Event Deep Coverage

Native collection from DC Security logs, Terminal Services, WMI Activity, Task Scheduler, and System logs via a lightweight Windows Service agent. No WEF configuration required.

Azure Entra ID Integration

Sign-in logs and identity events pulled via Microsoft Graph API using Client Credentials OAuth2. Impossible travel, MFA bypass attempts, and risky sign-ins are automatically correlated with on-prem events.

Threat Rule Engine

Built-in rules covering 500+ Windows Event IDs. Define custom rules with pattern matching on any event field. Rules integrate directly into the scoring pipeline and can elevate alert severity on match.

Multi-Tenant Architecture

Full company isolation at every data-access layer. Each organisation gets its own scoped view, billing tier, detection settings, API keys, and team. Operators manage all tenants from a single owner console.

Full REST API

Every action available in the UI is exposed via a versioned REST API with JWT Bearer and API Key authentication. SIEM, SOAR, and ticketing integrations are a webhook away. Interactive Swagger docs included.

How It Works

From raw event to
actionable intelligence.

Four stages, sub-second end-to-end. Your team sees what matters.

01

Deploy the Agent

A lightweight .NET Framework Windows Service is compiled per-tenant, pre-configured with your server URL and credentials, and bundled into a signed installer — downloaded in one click from the portal.

02

Collect & Ingest

The agent streams events from domain controllers and workstations. Azure Entra ID sign-in logs are pulled via incremental Graph API sync. All telemetry lands in Nereus within seconds.

03

Score Every Event

The scoring engine evaluates each event against a live behavioural baseline — time, frequency, privilege, network, identity, and threat rule signals — and assigns a severity from Low to Critical.

04

Alert & Respond

Risk-scored alerts surface in the live dashboard and REST API instantly. Analysts acknowledge, investigate, close, annotate, and share alerts — with a full audit trail and configurable email notifications.