# SecureCloud Platform Documentation


 Last updated: October 28, 2025

ℹ️ **INFO:** Preview notice: SecureCloud Platform v2.0 is now in public preview. Features and pricing may change before general availability.

## What is SecureCloud Platform?

 SecureCloud Platform is a cloud-native security information and event management (SIEM) solution
 that helps organizations detect, investigate, and respond to threats across their entire digital
 infrastructure. Built on a scalable, AI-powered architecture, SecureCloud provides real-time
 visibility and intelligence to security teams worldwide.

 With SecureCloud Platform, you can:

 - **Collect data at scale:** Ingest security data from any source - cloud services, on-premises infrastructure, IoT devices, and third-party applications

 - **Detect threats faster:** Leverage machine learning and built-in threat intelligence to identify sophisticated attacks

 - **Investigate efficiently:** Use a powerful query language and visualization tools to understand the full scope of incidents

 - **Respond automatically:** Orchestrate response workflows and integrate with your existing security tools

## Key Features

### Unlimited Data Ingestion

Collect and analyze petabytes of security data without worrying about storage limits or performance degradation.

### AI-Powered Detection

Machine learning models trained on billions of signals identify anomalies and emerging threats in real-time.

### Advanced Hunting

Query your data using our powerful query language, supporting complex joins, time-series analysis, and more.

### Automated Response

Build playbooks that automatically respond to threats, reducing mean time to resolution (MTTR) by up to 90%.

## Architecture Overview

 SecureCloud Platform is built on a distributed, microservices-based architecture designed for
 massive scale and reliability:

```text
┌───────────────────────────────────────────────────────┐
│                     Data Sources                      │
│  Cloud Providers │ On-Prem │ SaaS │ Endpoints │ IoT   │
└───────────┬───────────────────────────────────────────┘
            │
            ▼
┌───────────────────────────────────────────────────────┐
│                 Data Collection Layer                 │
│   Agents │ APIs │ Syslog │ Event Hubs │ Connectors    │
└───────────┬───────────────────────────────────────────┘
            │
            ▼
┌───────────────────────────────────────────────────────┐
│               Data Processing & Storage               │
│    Ingestion Pipeline │ Hot Storage │ Cold Storage    │
└───────────┬───────────────────────────────────────────┘
            │
            ▼
┌───────────────────────────────────────────────────────┐
│                   Analytics Engine                    │
│      Detection Rules │ ML Models │ Threat Intel       │
└───────────┬───────────────────────────────────────────┘
            │
            ▼
┌───────────────────────────────────────────────────────┐
│               Investigation & Response                │
│    Dashboard │ Hunting │ Automation │ Integrations    │
└───────────────────────────────────────────────────────┘
```

## Data Model

 SecureCloud uses a flexible schema that adapts to different data types while maintaining
 consistency across sources:

| Table Type | Retention | Use Case | Query Performance |
| --- | --- | --- | --- |
| `SecurityEvent` | 90 days hot, 1 year archive | Windows security events, authentication logs | ⚡ Fast (indexed) |
| `SecurityAlert` | 90 days hot, 2 years archive | Detections, incidents, high-fidelity alerts | ⚡⚡ Very Fast (optimized) |
| `NetworkTraffic` | 30 days hot, 90 days archive | Firewall logs, network flows, DNS queries | ⚡ Fast (partitioned) |
| `CloudAudit` | 180 days hot, 7 years archive | Cloud resource changes, API calls, compliance | ⚡⚡⚡ Excellent (compressed) |
| `ThreatIntelligence` | Real-time updates | IOCs, threat actor profiles, campaigns | ⚡⚡ Very Fast (cached) |

💡 **TIP:** Use the `search` operator across all tables when you're not sure where data resides. It automatically queries all relevant tables and unions the results.

## Quick Start

Get started with SecureCloud Platform in three steps:

## Step-by-Step Guide

### 1. Create a Workspace

Deploy a SecureCloud workspace in your cloud environment. This takes about 5 minutes.

Azure CLI:

```bash
az securecloud workspace create \
  --name my-workspace \
  --resource-group my-rg \
  --location eastus \
  --retention-days 90
```

### 2. Connect Data Sources

Configure data connectors to start ingesting security data from your infrastructure.

 [View all connectors →](/data-collection)

### 3. Enable Detection Rules

Activate built-in detection rules or create custom analytics to identify threats.

 [Explore detection rules →](/detection)

## Pricing

SecureCloud Platform uses a consumption-based pricing model:

| Component | Unit | Price | Notes |
| --- | --- | --- | --- |
| Data Ingestion | Per GB ingested | **$2.50** | Includes 90 days hot retention |
| Data Retention (hot) | Per GB/month | **$0.10** | Fast query performance |
| Data Retention (archive) | Per GB/month | **$0.02** | Compliance and historical analysis |
| Analytics Compute | Per compute unit/hour | **$0.25** | Auto-scales based on query load |

⚠️ **WARNING:** Data transfer charges may apply when ingesting data from external sources or across regions. See the detailed pricing page for examples and cost optimization tips.

## Next Steps

### 📚 Review Prerequisites

Check requirements for deploying SecureCloud Platform

### 🔌 Connect Data Sources

Learn how to ingest data from various sources

### 🎯 Configure Detection

Set up rules and alerts to detect threats

### 🔍 Investigate Incidents

Master investigation and hunting techniques

