System active and operational

Become your clients' SOC. Without building one.

Fenrir brings the AI of a Security Operations Center to your clients' servers, WordPress sites and endpoints. One multi-tenant console. The AI monitors, detects and responds 24/7 in graduated autonomy — you supervise and put your brand on it.

Become a partner See how it works
fenrir — live monitoring

// 1 SOC, N sensors

One AI brain, all your sensors

Fenrir is an AI-driven Security Operations Center. One brain that analyzes, classifies and responds — fed by lightweight sensors on every surface of your clients.

Server

Linux/macOS agent: SSH, nginx, auth, firewall, syslog monitored every second.

See the tiers →

WordPress

Plugin that brings clients' sites into the same SOC, with AI investigation.

Discover Fenrir for WordPress →

Endpoint

Microsoft Defender / M365 managed as an MDR service, in the same console.

Discover MDR →

// For MSPs

Why MSPs choose Fenrir

Tools built for those who deliver security as a service: unified console, white-label, AI Tier-1 24/7.

Multi-tenant

All clients in one console. Add a client in 15 minutes.

Your brand

White-label: you deliver the SOC, under your name.

Fewer man-hours

The AI handles Tier-1 24/7 — detection, triage, low-risk response. You step in only where needed.

Recurring margin

Resell on subscription. Transparent tiers, no surprises.

Data in Italy

Sovereign on-premise. NIS2, GDPR and ISO 27001 verified daily.

// How it works

From threat to protection in milliseconds

Five stages, fully automated. Zero manual intervention.

01

Monitor

6 real-time sources: SSH, web, auth, firewall, syslog, services

02

Detect

Advanced pattern matching identifies anomalies and known threats

03

Classify

AI evaluates the threat level with a confidence score

04

Act

Automatic IP blocking, firewall updates, process quarantine

05

Report

NIS2/GDPR/ISO 27001 reports ready to hand to your clients, under your brand.

// Automated compliance

GDPR and ISO 27001 verified every day. Automatically.

The key differentiator: compliance not as a checklist, but as a continuous process integrated into operational security.

  • PDF reports for the DPO — Professional documentation ready for audits and inspections
  • Automatic 72h breach notification — GDPR-compliant workflow from detection to notification
  • Complete audit trail — Every action logged, every decision traceable
  • Continuous verification — Automated checks on 50+ security parameters every 24 hours

Compliance Dashboard

2026-03-23 08:00 CET
0%
GDPR
0%
ISO 27001
Data-at-rest encryption Compliant
Log retention policy Compliant
Backup integrity verification Warning
Privileged access MFA Non-compliant

// Features

Everything you need to protect your infrastructure

Nine integrated modules. One intelligent agent.

6 Real-time monitors

SSH, Nginx, auth, firewall, syslog and services monitored every second.

AI classification

Artificial intelligence model that analyses and classifies every threat with a confidence score.

Automatic IP blocking

Graduated autonomy: automatic block, approval-based or log-only depending on confidence.

Advanced Telegram Bot

Over 20 commands to manage security directly from your phone. Wherever you are.

Daily digest

Automatic report every morning with detected threats, actions taken and compliance status.

Discovery and hardening

Automatic infrastructure scanning with prioritised hardening recommendations.

GDPR breach notification

Complete workflow for 72-hour notification: detection, impact analysis, communication.

Professional PDF reports

Compliance documents ready for DPO and Board of Directors. Fully brandable.

Autonomous response

Five revertible actions (kill process, file quarantine, stop service, network isolation, package rollback) gated by analyst confidence and one-click revertible from Telegram. Disabled by default, mandatory dry-run in first week.

// Protection in action

What happens when your server is attacked at 2 AM

Real scenario: an SSH brute-force attack. You sleep. Fenrir doesn't.

02:00

SSH brute-force begins

458 login attempts from IP 203.0.113.42 in 30 seconds.

02:01

Fenrir detects the pattern

The SSH monitor identifies the attack pattern and generates an event.

02:01

AI classifies the threat

Confidence score: 94%. Category: brute-force. Risk: critical.

02:01

IP blocked automatically

Firewall rule added. The attacker can no longer reach the server.

02:01

Telegram alert sent

Full notification with threat details, action taken and link to report.

You sleep. The server is protected.

Total response time: < 1 second

// Automation levels

Graduated autonomy, total control

Fenrir acts autonomously only when confident. Otherwise, it asks for confirmation.

> 90% confidence

Automatic

Immediate block without human intervention. The action is executed and notified.

SSH brute-force, known scanners, botnets
60–89% confidence

Approval

Telegram alert with confirmation request. One tap to approve or dismiss.

Suspicious IPs, unusual patterns, new vectors
< 60% confidence

Log only

The event is logged and included in the daily digest. No automatic action.

Low anomalies, likely false positives

// Why Fenrir

It's not an antivirus. It's not a firewall.

It's an intelligent security agent, designed for European companies.

Built-in compliance

GDPR and ISO 27001 are not an add-on. They are integrated into the core of the system. Every action generates documentation.

Made for European companies

Reports, alerts and interface designed for European regulatory requirements. GDPR-native from the ground up.

Reports for DPO and Board

Professional documents ready for audits, regulatory inspections and Board of Directors presentations.

Telegram-first

Manage all security from your phone. Approve actions, check reports, receive alerts. Wherever you are.

AI that learns your server

The AI model adapts to your server's normal behaviour, reducing false positives over time.

Zero trust, full control

Installed on your servers. Your data stays yours. No external cloud. Full control over your infrastructure.

// Supported platforms

Works where your servers run

Compatible with all major enterprise Linux distributions and macOS Server. One agent, any infrastructure.

Ubuntu
Ubuntu
22.04 LTS+
Compatible
Red Hat
Red Hat Enterprise
RHEL 8+ / CentOS / AlmaLinux
Compatible
SUSE
SUSE Linux
SLES 15+ / openSUSE
Compatible
Debian
Debian
11 Bullseye+
Compatible
macOS
macOS Server
Ventura+
Compatible
Fenrir

// Your Guardian

Always vigilant. Always active.

Fenrir protects your infrastructure 24/7 like an alpha wolf protects its pack.

< 1s
Response time
24/7
Continuous monitoring
50+
Security checks
0
Manual intervention required

// Pricing

Three tiers, transparent pricing, no surprises

All tiers include GDPR / NIS2 / ISO 27001 readiness, live dashboard, Telegram alerts, sovereign on-premise. The AI model and support tier are what change.

Standard
€49 /server
// per month · VAT excl.

For the SMB that wants to be NIS2-ready without breaking the budget.

  • 9 monitors + on-premise AI analyst
  • Up to 10 servers
  • Live dashboard + Telegram alerts
  • GDPR / NIS2 / ISO 27001 compliance
  • Email support within 48h
Request demo
Most picked
Premium
€99 /server
// per month · VAT excl.

Stronger reasoning via frontier AI — fewer false positives, sharper investigations.

  • Everything in Standard, plus:
  • frontier AI analyst
  • Autonomous response (5 revertible actions)
  • Up to 30 servers
  • Multi-tenant dashboard
  • Hardening review at onboarding
  • Email support within 24h
Request demo
Sovereign+
€199 /server
// per month · VAT excl.

For organisations under NIS2 management liability (Art. 20) where a false negative is unacceptable.

  • Everything in Premium, plus:
  • frontier AI analyst, top tier (audit-grade)
  • Unlimited servers
  • DPIA + audit pack drafted by P3 DPO
  • Direct phone within 4h
Request demo

One-time setup fee:: €1,500 Standard · €3,000 Premium · €5,000 Sovereign+ — covers install, baseline and playbook tuning.
AI API costs are billed to the customer. Typical range: €1–10/mo for Standard, €10–50 for Premium, €50–300 for Sovereign+ depending on HIGH/CRITICAL alert volume.

FAQ

Does Fenrir help with NIS2 compliance?

Yes. Fenrir automatically generates evidence for NIS2 obligations: immutable logs, incident management, a privileged-access register and asset classification. The reports are ready to be submitted to ACN within the 24- and 72-hour deadlines set by the directive.

Does it run on-premise without exposing data to foreign clouds?

Yes. Fenrir is a sovereign agent: it runs on-premise on your Ubuntu, Red Hat, SUSE, Debian or macOS servers. No data leaves your infrastructure, in line with GDPR and the national ACN cloud strategy. The AI analysis can also run entirely locally, on-premise.

Does it replace an external SOC or an MSSP?

Fenrir covers the Tier-1 level: detection, automated investigation and low-risk response. For complex scenarios (serious incidents, forensics, custom threat hunting) a human MSSP remains complementary. For most SMBs Fenrir is sufficient on its own.

What is the difference between Fenrir and Wazuh, CrowdStrike or SentinelOne?

Wazuh is powerful but requires significant SIEM expertise to make it truly useful. CrowdStrike and SentinelOne also cover servers, but they are enterprise EDR platforms: pricing and complexity out of scale for an SMB, telemetry on their cloud (not sovereign) and no application coverage such as WordPress. Fenrir is designed from day one for SMBs, agencies and system integrators: sensible defaults, deployment in 15 minutes, servers and WordPress sites in the same console, automatic NIS2 compliance, sovereign on-premise.

What are the NIS2 penalties in Italy?

For essential entities up to 10 million euro or 2% of global turnover; for important entities up to 7 million or 1.4%. The directive (Legislative Decree 138/2024) also establishes personal liability for management bodies (Art. 20). For an average Italian SMB, a breach can translate into a 70-100k€ penalty.

Does Linux need a dedicated security agent?

Yes, especially if it is exposed to the Internet. Traditional antivirus is not enough: you need behavioral detection (brute force, baseline drift, known vulnerabilities) and centralized logs for GDPR compliance. Fenrir covers all of this natively, integrating with fail2ban, nginx, systemd and standard system logs.