SecOps walkthrough
Spike. Correlate.
Revoke in one Reaction.
A failed-login alert lands. The platform correlates it with two SoD-relevant Actions by the same actor in the same window. The on-call engineer approves the response set. Sessions revoke, MFA is forced, a ServiceNow P2 incident files, and the entire chain is one immutable audit row.
Walkthrough · 1 of 4
A SIEM webhook fires when failed-login attempts on a privileged account cross the configured threshold. The Mailbox connector picks it up and triggers the failed-login-response Chain.
quadrazene.app/mailbox
quadrazene v0.2.1
Inbound · 04:18:21 UTC
Source: SIEM webhook (sentinel-prod) · Severity: high
{
  "rule": "auth.failed-login.threshold",
  "actor": { "id": "u-2812", "role": "privileged-ops" },
  "count": 19,
  "window": "10m",
  "source": [ "203.0.113.41", "198.51.100.7" ],
  "since": "2026-05-30T04:08:12Z"
}
Trigger
Mailbox routing rule matched rule = auth.failed-login.threshold → fires Chain failed-login-response.
mailbox-poller · insights-correlator · policy-evaluator · actions-revoke-session · servicenow-incident-creator
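The threshold check and the rule-to-Chain match from this step, sketched as an added example that is not Quadrazene's or the SIEM's own code. The auth-event fields (ts, actor, role, ip, outcome), the threshold of 15, the evaluation time and all function names are assumptions; only the alert shape, the rule name and the Chain name come from the payload and trigger shown above.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"
WINDOW = timedelta(minutes=10)   # matches "window": "10m" in the payload
THRESHOLD = 15                   # assumed; the page does not state the value
PRIVILEGED_ROLES = {"privileged-ops"}
ROUTES = {"auth.failed-login.threshold": "failed-login-response"}  # rule -> Chain

def parse_ts(s):
    return datetime.strptime(s, FMT).replace(tzinfo=timezone.utc)

def detect(events, now):
    """One alert per privileged actor whose failures inside the window reach THRESHOLD."""
    per_actor = {}
    for e in events:
        ts = parse_ts(e["ts"])
        if e["outcome"] != "failure" or e["role"] not in PRIVILEGED_ROLES:
            continue
        if now - WINDOW <= ts <= now:
            per_actor.setdefault((e["actor"], e["role"]), []).append((ts, e["ip"]))
    alerts = []
    for (actor, role), hits in sorted(per_actor.items()):
        if len(hits) >= THRESHOLD:
            alerts.append({
                "rule": "auth.failed-login.threshold",
                "actor": {"id": actor, "role": role},
                "count": len(hits),
                "window": "10m",
                "source": sorted({ip for _, ip in hits}),
                "since": min(hits)[0].strftime(FMT),
            })
    return alerts

def route(alert):
    """Exact match on the rule field; an unknown rule fires nothing."""
    return ROUTES.get(alert.get("rule"))

def sample_events():
    """Constructed input: 19 failures for u-2812 plus two events that must not count."""
    base, ips = parse_ts("2026-05-30T04:08:12Z"), ["203.0.113.41", "198.51.100.7"]
    ev = [{"ts": (base + timedelta(seconds=30 * i)).strftime(FMT), "actor": "u-2812",
           "role": "privileged-ops", "ip": ips[i % 2], "outcome": "failure"}
          for i in range(19)]
    ev.append({"ts": "2026-05-30T04:00:00Z", "actor": "u-2812", "role": "privileged-ops",
               "ip": ips[0], "outcome": "failure"})        # older than the window
    ev.append({"ts": "2026-05-30T04:10:00Z", "actor": "u-1001", "role": "staff",
               "ip": "192.0.2.9", "outcome": "failure"})   # not a privileged role
    return ev
```

The stale failure and the non-privileged actor are excluded before counting, so the emitted count and source list describe only what happened inside the window for the account that actually triggers the response.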
What you just saw