OSCAR – The Security Operations Center for OT and IT


The basis of OSCAR is the Elasticsearch Enterprise License and Elastic Cloud. OSCAR is available in a basic version and a premium version. In the basic version of OSCAR, three pipelines operate: event-based, signature-based and AI-based. In the basic version, the functionality of the AI pipeline extends to general anomaly detection. In the premium version, OSCAR is completely AI-controlled. The SOC alerts on panels, via email and via SMS. Our dashboards are not standard dashboards but dashboards developed with considerable effort. From Kibana, the data flows into various environments, such as the SOAR environment, the ticketing system or a mini incident-management environment. OSCAR's degree of automation is configurable to the customer's wishes. OSCAR can further integrate various OT sensors for different industries to provide business security services. At this point in time we use integrated OT sensors for all moving participants in OT as well as for medical use.


OSCAR stands for Open Security Control Automation and Response. OSCAR is M2I's Security Operations Center based on the Elasticsearch Enterprise Version or Elastic Cloud. We offer different SOC variants for different budgets. OSCAR's kernel is very low-maintenance. OSCAR is one of the first fully AI-driven SOCs in the world. We provide OSCAR with threat detection based on events and signatures, with an AI that primarily serves anomaly detection, as well as a fully AI-controlled version of OSCAR.

View architecture drawing:


  • Integration of endpoint security tools
  • Anomaly detection
  • Processing of high-severity security threats with the help of artificial intelligence
  • Real-time IoC detection
  • Threat Intelligence
  • Secure token service for the components in the SOC
  • Container security
  • Test automation and replay components
  • Automatic exploit testing
  • Workflow engine with rules/use cases
  • Incident case management
  • Calculation of the riskiest threats and derivation of economic countermeasures
  • MITRE ATT&CK
  • Database activity monitoring
  • Vulnerability Assessment System
  • Trouble ticket system connection / API
  • Comprehensive automated risk management
  • Vulnerability scans
  • CMDB and assets (SOC readiness)
  • Honeypots and chaff bugs
  • Isolation
  • Automated binary patching
  • Automated patching
  • Manual patching
  • Exploit testing
  • Database of risks and countermeasures
  • Virtualization with Docker and Kubernetes
  • DevOps-style work packages to automate common activities

Our development takes place in Germany. Our development team is very well trained and follows the latest common standards in development and programming.