What is Aithroyz?

Aithroyz is an AI-powered platform that provisions production-grade Security Operations Center environments on demand — fully pre-wired, pre-configured, and ready to run in under 20 minutes.

The one-line pitch: Instead of spending days or weeks configuring Elastic, Wazuh, Caldera, and a dozen other tools to work together — Aithroyz does it in one click, on your cloud account.

What problem does it solve?

Building a realistic SOC lab — the kind you'd use for security training, red team exercises, incident response drills, or selling proof-of-concept demos — traditionally requires:

  • Manual VM provisioning across multiple cloud providers
  • Hours of YAML configuration for each tool
  • Debugging inter-tool integrations (Elasticsearch → Kibana → Filebeat → Wazuh, etc.)
  • Setting up SSL certificates, DNS, reverse proxies, and SSO
  • Writing startup scripts that work reliably every time

Aithroyz replaces all of that with a plan form, an approval click, and 8–20 minutes of automation. Every environment is fully isolated on your GCP account, protected by Google SSO, and accessible via HTTPS on your own subdomain.

How it works

  1. You choose your tools: Pick from 18 available tools — or use a preset like SOC Platform, IR/DFIR Lab, or Threat Hunting.
  2. AI generates a plan: Aithroyz computes your resource requirements, estimated cost, and deployment topology. You review it before anything is created.
  3. Operator approves: An operator reviews and approves the plan — via the dashboard or mobile. No cloud resources are touched until approval.
  4. OpenTofu deploys your infrastructure: The Aithroyz provisioner runs OpenTofu (open-source Terraform) on your GCP credentials. VPC, VMs, DNS records, and all tool configurations are created automatically.
  5. You access your tools: Each tool gets its own HTTPS subdomain under ops.aithroyz.com. Google SSO protects everything. Credentials are shown in the dashboard.

Use cases

  • 🎓 Security Training: Spin up a realistic lab for Blue Team or Red Team exercises without the setup overhead.
  • 🎯 Red Team Drills: Use MITRE Caldera to run ATT&CK emulations against your own controlled infrastructure.
  • 🔍 Incident Response: Practice DFIR workflows with Velociraptor, TheHive, and DFIR-IRIS wired together out of the box.
  • 📊 PoC Demos: Show customers a working SOC stack without months of deployment work.
  • 🔬 Research: Reproduce threat scenarios, test detection rules, and iterate fast — then destroy when done.
Ready to deploy? Follow the Quickstart to have your first environment running in under 20 minutes.