Product · Security

The events your CISO already asks about.

USB inserts, off-hours logins, blocked-site attempts, location anomalies, agent tamper. Auto-triaged by severity, exportable to Splunk / Datadog / your SIEM in one click. Three months of beta with 14 design partners brought our false-positive rate under 2%.

  • SOC 2 Type II
  • ISO 27001 certified
  • GDPR compliant
  • HIPAA ready · BAA
  • CSA STAR Level 2

01 · Events feed

One feed. Severity-sorted.

Every event, in one feed, with severity, type, person, and detail. Acknowledge, escalate, route, or dismiss inline. The audit log records every action.

  • Severity scoring is tunable per-tenant — you decide what "high" means at your shop
  • Per-event actions are signed and append-only — no quiet edits possible
  • Bulk operations: ack 40 low-severity events with one click during your weekly triage
security · events · last 24h · 10 events

Time | Type | Detail | Person | Severity
14:22 | USB inserted | Kingston DataTraveler 32GB · S/N KDT-A82F1 | jonas-x1 | high
13:48 | Blocked site | pirate-bay.org · auto-blocked by policy | layla-x1 | low
11:02 | Off-hours login | Active 11:14pm local (Beirut) | yara-mbp14 | med
09:34 | Location flip | Berlin → Lisbon · within 4h | diego-mbp14 | med
08:17 | Policy change | Screenshot interval 60s → 120s · audited | daniel-p14s | low
22:51 −1d | Agent uninstall | Uninstall attempted · prevented · escalated | diego-mbp14 | high
18:09 −1d | USB inserted | Logitech Receiver · allow-listed | liu-e14 | low
16:42 −1d | Blocked site | tiktok.com · 12 attempts in 30m | camila-air | low

02 · Event types

Twelve event types. No noise.

We started with 36 candidate events and pared them down to the 12 that actually generate signal. Each one ships with a default severity, an editable threshold, and a documented detection.

  • Detection algorithms are documented — no black-box "AI-powered" theatre
  • Anomaly events are 3σ from the person's own baseline, not a fleet-wide average
  • Each event type can be disabled per-tenant if it doesn't apply to you
security · event types · severity

USB inserted · unknown device

Triggers when a non-allow-listed USB device is mounted. Auto-block on policy.

Agent tamper / uninstall

Any attempt to stop, replace, or remove the agent. Auto-escalated.

Off-hours login

Active session outside the policy window for their timezone.

Location flip

Logins from two cities within an implausible window (default 4h).

Idle-while-clocked

Sustained idle > 3σ from the person's own baseline.

New device enrolled

First-seen device for a person — requires admin ack.

Blocked site

Attempted access to a policy-blocked domain. Aggregated.

Policy change

Admin-side config delta. Captured for the audit log.
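
The difference between a per-person 3σ baseline and a fleet-wide one, as an added example (not the product's own detection code). The metric (idle minutes per day), the ten-day window, the population standard deviation, the minimum-history rule, and all names and values are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed sample data: idle minutes per day over ten workdays.
HISTORY = {
    "jonas": [12, 15, 11, 14, 13, 12, 16, 14, 13, 15],   # rarely idle
    "layla": [55, 70, 48, 66, 60, 52, 75, 63, 58, 68],   # long build waits
    "diego": [30, 28, 35, 33, 29, 31, 34, 30, 32, 36],
}

def zscore(value, samples, min_samples=5):
    """Distance of value above the baseline mean, in standard deviations.

    Returns None when the baseline cannot support a decision: too little
    history (assumed minimum of 5 days) or zero variance.
    """
    if len(samples) < min_samples:
        return None
    sigma = pstdev(samples)
    if sigma == 0:
        return None
    return (value - mean(samples)) / sigma

def is_anomalous(person, value, history=HISTORY, k=3.0):
    """Flag value only if it exceeds the person's own mean by more than k sigma."""
    z = zscore(value, history.get(person, []))
    return z is not None and z > k

def is_anomalous_fleet(value, history=HISTORY, k=3.0):
    """Same test against one pooled baseline for everyone (the approach to avoid)."""
    pooled = [v for samples in history.values() for v in samples]
    z = zscore(value, pooled)
    return z is not None and z > k

if __name__ == "__main__":
    # 40 idle minutes is far outside jonas's habits but near the fleet mean,
    # so the pooled baseline stays silent while his own baseline fires.
    for person, today in [("jonas", 40), ("layla", 70), ("newhire", 500)]:
        print(person, today,
              "own:", is_anomalous(person, today),
              "fleet:", is_anomalous_fleet(today))
```

A person with no usable history is never scored here; a deployment would need a separate rule for that cold-start period.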

03 · SIEM export

Pipe straight into Splunk, Datadog, anything HEC.

Every event is also available as a real-time stream. Configure once, attach a webhook secret, and the events show up in your existing tooling — sub-second latency for high-severity.

  • HMAC-SHA256 signed payloads with optional mutual-TLS
  • Native integrations for Splunk HEC, Datadog Logs, Sumo Logic, Elastic, Snowflake
  • Replay window: 7 days of events available for backfill if your sink was down
security · pipeline · real-time

agent (macOS · Win · Linux) → ~120ms p99 → prodview (classify · score · sign) → ~80ms p99 → your siem (splunk · datadog · …)
end-to-end < 1s

# wire splunk HEC in 30 seconds
prodview sinks add splunk \
  --url "https://splunk.acme.com:8088" \
  --token "$SPLUNK_HEC_TOKEN" \
  --filter "severity in (high, medium)"

ready when you are

Sleep easier on Sunday night.

21 days free · all event types · SIEM export included on Business tier.