Triage, investigate, recommend. You approve.
Wedgex is the AI SOC that investigates every alert from start to finish in minutes, shows you the full trace and reasoning, and proposes containment for a human to approve. Built and backed by Gridware, Australia's established cyber team.
- 24/7 always-on coverage
- Minutes per alert, end to end
- 99%+ threats identified
- 10× analyst productivity
Three problems your current setup cannot solve at the same time.
Whether you have ten analysts or none, the same three forces are pulling against each other. The alert volume keeps climbing. The headcount does not. And the AI tools meant to help mostly close alerts on their own and ask you to trust the result.
Too many alerts. Not enough analysts.
Volume goes up every quarter. Hiring is hard, expensive and slow. Senior analysts end up on the same front-line triage as your junior analysts, when they should be on work that actually needs their judgement.
AI you cannot audit, cannot defend.
Most AI SOC tools close alerts on their own and produce a one-line summary. That works until the board, an auditor or the regulator asks how a specific decision was made. "The model decided" is not an answer.
Offshore SOCs cannot keep up.
Outsourced analysts work to a generic runbook, in a different time zone, with no real context on your environment. By the time an escalation comes back, the window to act has often closed.
One agent. Three phases. Every step on the record.
Wedgex runs the same three-phase investigation on every alert it touches. Each phase produces evidence you can read, in the order it was gathered, with every tool call and every result preserved.
- Phase 01 · Enrichment · Strictly deterministic · Typical <10s
  Pulls events from your connected SIEM, EDR, and other alert sources. Aggregates related activity, surfaces related alerts in recent history, and checks observed indicators against your threat intel. No AI in this phase, so nothing can be made up.
- Phase 02 · Investigation · Reasons, pivots, confirms · Typical 30–90s
  The agent tackles the alert the way a senior analyst would. It forms hypotheses, pivots from one entity to the next, follows the evidence across your stack, and confirms or rules out each theory as it goes. Every step and every result is written to the trace as it happens.
- Phase 03 · Disposition · Risk, confidence, action · Typical <10s
  The agent assigns a risk level, a confidence level and a recommended action: escalate, close, verification required, or monitor. It cites the specific evidence and lists what a human still needs to check. Critical and high-risk alerts can never be auto-closed.
Containment never runs until an analyst clicks approve.
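To make the three-phase flow concrete, here is a small Python model of it. This is an added illustration, not Wedgex's or Gridware's code: the alert, events, threat-intel entry, known-good account list and scoring thresholds are all constructed for the example. It preserves the invariants the page states: enrichment is pure lookups with no model output, every step lands in an ordered trace, critical and high-risk alerts are never auto-closed, and containment is only ever proposed, never executed.

```python
"""Added example, not Wedgex's code: a toy three-phase triage pipeline.
Sample data (alert, events, intel, asset lists) is constructed."""
from dataclasses import dataclass, field

# --- constructed sample data (TEST-NET-2 and RFC 1918 addresses) ---------
THREAT_INTEL = {"198.51.100.23": "known C2 (constructed feed entry)"}
EVENTS = [
    {"host": "SRV-APP-05", "user": "svc_backup", "dst_ip": "198.51.100.23", "proc": "powershell.exe", "hour": 1},
    {"host": "SRV-APP-05", "user": "svc_backup", "dst_ip": "10.0.0.12", "proc": "backup.exe", "hour": 1},
    {"host": "WS-017", "user": "j.kelly", "dst_ip": "10.0.0.12", "proc": "outlook.exe", "hour": 9},
]
KNOWN_GOOD_ACCOUNTS = {"svc_backup"}      # org context: known-good service accounts
EXPECTED_PROCS = {"svc_backup": {"backup.exe"}}  # what "normal" looks like for each
HIGH_VALUE_ASSETS = {"SRV-APP-05"}        # org context: which assets matter


@dataclass
class Trace:
    """Ordered record of every tool call and its result."""
    steps: list = field(default_factory=list)

    def record(self, phase, tool, result):
        self.steps.append((phase, tool, result))


def enrich(alert, trace):
    """Phase 1: deterministic. Only aggregation and lookups, no model output."""
    host_events = [e for e in EVENTS if e["host"] == alert["host"]]
    trace.record("enrichment", "siem.events_for_host", len(host_events))
    hits = {e["dst_ip"]: THREAT_INTEL[e["dst_ip"]]
            for e in host_events if e["dst_ip"] in THREAT_INTEL}
    trace.record("enrichment", "intel.lookup", hits)
    return {"events": host_events, "intel_hits": hits}


def investigate(alert, enriched, trace):
    """Phase 2: each hypothesis is confirmed or ruled out against evidence."""
    findings = {}
    # Hypothesis A: outbound contact with a known-bad destination
    findings["c2_contact"] = bool(enriched["intel_hits"])
    trace.record("investigation", "hypothesis:c2_contact", findings["c2_contact"])
    # Hypothesis B: a known-good service account doing something it never does
    odd = [e for e in enriched["events"]
           if e["user"] in KNOWN_GOOD_ACCOUNTS
           and e["proc"] not in EXPECTED_PROCS.get(e["user"], set())]
    findings["service_account_anomaly"] = bool(odd)
    trace.record("investigation", "hypothesis:service_account_anomaly", [e["proc"] for e in odd])
    # Context: is the host one the organisation cares about?
    findings["high_value_asset"] = alert["host"] in HIGH_VALUE_ASSETS
    trace.record("investigation", "context.asset_criticality", findings["high_value_asset"])
    return findings


def dispose(findings, trace):
    """Phase 3: risk, confidence and recommended action. Never auto-closes critical/high."""
    score = (3 * findings["c2_contact"]
             + 2 * findings["service_account_anomaly"]
             + 1 * findings["high_value_asset"])
    risk = "critical" if score >= 5 else "high" if score >= 3 else "medium" if score >= 2 else "low"
    confidence = "high" if findings["c2_contact"] else "medium"
    if risk in ("critical", "high"):
        action = "escalate"            # invariant: these can never be closed by the agent
    elif score == 0:
        action = "close"
    else:
        action = "monitor"
    # The agent only proposes containment; nothing runs until a human approves.
    proposal = {"action": "contain-host", "status": "pending_approval"} if action == "escalate" else None
    trace.record("disposition", "verdict", (risk, confidence, action))
    return {"risk": risk, "confidence": confidence, "action": action,
            "containment_proposal": proposal}


def triage(alert):
    """Run all three phases and return the verdict with its full trace."""
    trace = Trace()
    enriched = enrich(alert, trace)
    findings = investigate(alert, enriched, trace)
    verdict = dispose(findings, trace)
    verdict["trace"] = trace.steps
    return verdict


if __name__ == "__main__":
    v = triage({"id": "splunk-55321", "host": "SRV-APP-05"})
    for step in v["trace"]:
        print(step)
    print(v["risk"], v["confidence"], v["action"], v["containment_proposal"])
```

Running it on the constructed SRV-APP-05 alert walks through both hypotheses, lands on a critical/high-confidence escalate verdict and leaves a pending containment proposal; the WS-017 alert, with no findings, closes. The trace is the part an auditor would read, so it is returned alongside the verdict rather than printed and discarded.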
Watch the agent move through enrichment, tool calls and disposition on a real alert.
Less playbook. More judgement.
SOAR promised automation. What most teams got was a second full-time job: writing playbooks, maintaining playbooks, fixing playbooks every time an attack shifted shape. Wedgex reasons over evidence instead of branching through pre-written gates, so there is nothing for you to keep up to date.
Playbook-driven SOAR:
- A playbook for every alert type
- Engineers maintain branches forever
- Brittle the moment an attack changes shape
- Yes / no gates with no context
- Months to stand up
Wedgex:
- One agent that reasons from evidence
- Learns from your team's own verdicts
- Generalises across patterns
- Risk, confidence and recommended action, with the evidence cited
- Connected in hours
You stop maintaining a robot. You start working with an analyst.
Everything the front line does. Without the front line.
Triage, response, threat intel, copilot and the analyst surface on every device. All in one product, all sharing the same evidence, all on the same audit log.
Autonomous triage
Every alert investigated end to end in minutes. Risk, confidence and recommended action, with the evidence the agent relied on cited inline. Re-triages automatically when severity changes.
Human-approved response
Wedgex proposes the action with the target, the evidence and the justification spelled out. An analyst approves or rejects. Available actions follow what your connected platforms can do.
Analyst chat copilot
Open a chat on any alert and ask the agent anything. It has the full investigation trace, runs the same tools, and can propose response actions or suppression rules inline.
Threat intel, including your own
Lookup across IPs, domains, hashes, URLs and CVEs. Ships with OTX, MISP and AbuseIPDB, and supports bring-your-own feeds. Every alert auto-correlated on ingestion.
Built-in cyber expertise
Wedgex reasons from the same methodology Gridware's SOC and DFIR teams use every day. Patterns from real cases are encoded into the agent's reference knowledge.
Adapts to your environment
Wedgex learns from your team's previous verdicts and the context of your organisation: which assets matter, what is normal after hours, which service accounts are known-good.
Mobile-first analyst surface
The full workflow on your phone. Triage queue, alert detail, response approvals, chat copilot. Built for the on-call lead who needs to make the call from anywhere.
Plugs into your stack
Connects to the major SIEMs and EDRs: Splunk, Microsoft Sentinel, QRadar, CrowdStrike, SentinelOne, Defender. Add your own connectors, custom tools and MCP servers as you need.
The same brain that triages your alerts, now in a chat panel.
Ask anything. The agent has the full investigation trace already in its context, runs the same tools it uses for autonomous triage, and can propose containment or suppression rules inline. Approve in the thread.
Wedgex sits at the centre, never alone.
The agent pulls from every platform you have connected, proposes actions back through them, and every step is written to an audit log that wraps the whole system.
Australia's cyber team.
In the box, and on the phone.
Wedgex is built by Gridware, an established Australian cyber consultancy with a full SOC and DFIR practice. Gridware shows up in two places: inside the product, and beside your team.
Inside the agent
The investigation methodology Wedgex runs is the same one Gridware's senior analysts use. Patterns from real incidents and DFIR engagements are encoded into the agent's reference knowledge. The agent is not starting from scratch on day one, because the experience of a working SOC is already in it.
Beside your team
When the AI is not enough, the Gridware DFIR and SOC team picks up. Real people, in Australian time zones, who built the methodology the agent runs on. Escalation paths and incident response retainers available for the moments that need a human.
For organisations that prefer a managed model, Gridware can run Wedgex on your behalf.
Built for the team you have.
Or the team you do not.
One product, two ways to run it, the same outcome at the end. A SOC function that actually works for your organisation.
A SOC where one was not viable.
You are the security function. There is no second analyst to escalate to, no overnight shift, no second pair of eyes. Wedgex gives you a SOC: every alert investigated, the noise filtered out, only the things that need your judgement surfaced to you. Gridware sits behind you for the calls you should not have to take alone.
- Every alert investigated, not just the ones you have time for
- Hours back in your week, every week
- A defensible answer ready for every decision you closed out
Senior people doing senior work again.
You have analysts, but they spend their day on work that is below their pay grade. Wedgex handles the front-line triage so your team handles the investigations that actually need them, with the full evidence trail already laid out when they pick it up. MTTR goes down. Attrition goes down. Your senior people get to do senior work again.
- 10× more alerts triaged per analyst
- Front-line work handled before it reaches the human queue
- An audit-ready trail behind every alert your team closes
Built for the way Australian organisations have to report.
Every decision Wedgex makes is recorded. Every action your team approves is recorded. The result is a trail you can hand to an auditor, the board, or the regulator without preparing for it.
- 01:30:15 · agent · TRIAGE_COMPLETED · splunk-55320 · monitor
- 01:30:18 · j.kelly · ACTION_APPROVED · contain-host SRV-APP-05
- 01:30:21 · agent · RULE_PROPOSED · suppress firewall-deny-tier
- 01:30:24 · r.taylor · ALERT_CLOSED · splunk-55318
- 01:30:27 · agent · TRIAGE_COMPLETED · splunk-55321 · escalate
Full audit trail
Every tool call, every piece of evidence, every disposition, every approval and rejection, persisted permanently and queryable.
Role-based access
Admin, analyst and viewer roles with route-level enforcement. Token versioning invalidates access the moment a role or password changes.
Australian data residency
On-premise deployment keeps your data inside your own network. Managed deployment stays in Australian regions.
Aligned to your frameworks
Essential Eight, ISO 27001, APRA CPS 234 and the SOCI Act. Wedgex produces the evidence your compliance program already needs.
No destructive action without approval
Write-capable tools are never exposed to the agent. The only path containment can run is through an analyst clicking approve.
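The audit trail, role-based access with token versioning, and the approval gate above fit together in a small amount of code. The following is an added Python sketch, not Wedgex's implementation: the users, roles, token versions and the proposed action are constructed, and the log line format mirrors the sample entries shown earlier on this page. The agent can only append a proposal to the log; the gate is the sole path that turns a proposal into an executed action, and it refuses a viewer's token and a token whose version no longer matches the user record.

```python
"""Added example, not Wedgex's code: append-only audit log plus a role-
and token-version-checked approval gate. All users and tokens are constructed."""
from dataclasses import dataclass

# Which role may do what; route-level checks would consult the same table.
ROLE_CAN = {
    "admin": {"approve", "close", "view"},
    "analyst": {"approve", "close", "view"},
    "viewer": {"view"},
}


@dataclass
class User:
    name: str
    role: str
    token_version: int   # bumped whenever the role or password changes


@dataclass
class Token:
    user: str
    version: int         # snapshot of token_version at issue time


class AuditLog:
    """Append-only; nothing is ever edited or removed."""
    def __init__(self):
        self.entries = []

    def append(self, ts, actor, event, detail):
        line = f"{ts} · {actor} · {event} · {detail}"
        self.entries.append(line)
        return line

    def query(self, event=None, actor=None):
        return [e for e in self.entries
                if (event is None or f" · {event} · " in e)
                and (actor is None or f" · {actor} · " in e)]


class ApprovalGate:
    """The only path that turns a proposed action into an executed one."""
    def __init__(self, users, log):
        self.users = users
        self.log = log
        self.executed = []

    def _authorise(self, token, need):
        user = self.users.get(token.user)
        # A stale version means the role or password changed after issue.
        if user is None or user.token_version != token.version:
            return False, "stale_token"
        if need not in ROLE_CAN[user.role]:
            return False, "forbidden"
        return True, "ok"

    def decide(self, ts, token, proposal, approve):
        ok, why = self._authorise(token, "approve")
        if not ok:
            self.log.append(ts, token.user, "ACTION_DENIED", f"{proposal} ({why})")
            return False
        if approve:
            self.log.append(ts, token.user, "ACTION_APPROVED", proposal)
            self.executed.append(proposal)   # containment runs only here
        else:
            self.log.append(ts, token.user, "ACTION_REJECTED", proposal)
        return approve


def demo():
    """Constructed walk-through: agent proposes, viewer is refused, analyst approves,
    then a role change invalidates the analyst's existing token."""
    log = AuditLog()
    users = {"j.kelly": User("j.kelly", "analyst", 3),
             "r.taylor": User("r.taylor", "viewer", 1)}
    gate = ApprovalGate(users, log)
    log.append("01:30:15", "agent", "TRIAGE_COMPLETED", "splunk-55320 · monitor")
    log.append("01:30:16", "agent", "ACTION_PROPOSED", "contain-host SRV-APP-05")
    gate.decide("01:30:17", Token("r.taylor", 1), "contain-host SRV-APP-05", approve=True)
    gate.decide("01:30:18", Token("j.kelly", 3), "contain-host SRV-APP-05", approve=True)
    users["j.kelly"].token_version = 4   # role/password change
    gate.decide("01:30:19", Token("j.kelly", 3), "isolate-user svc_backup", approve=True)
    return gate, log


if __name__ == "__main__":
    gate, log = demo()
    print("\n".join(log.entries))
    print("executed:", gate.executed)
```

Two points worth noticing: the agent never holds a reference to `ApprovalGate.executed`, so there is no code path by which it can run containment itself, and every refused attempt is logged with the reason, which is the line you would hand to an auditor when asked why a given action did or did not happen.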
See Wedgex triage a live alert.
Thirty minutes with the Gridware team. We run Wedgex on a real alert, walk you through the full investigation trace, and answer any question about the architecture, the audit log or the deployment options. No slide deck.