SecureCloud Platform Documentation

Preview notice: SecureCloud Platform v2.0 is now in public preview. Features and pricing may change before general availability.

What is SecureCloud Platform?

SecureCloud Platform is a cloud-native security information and event management (SIEM) solution that helps organizations detect, investigate, and respond to threats across their entire digital infrastructure. Built on a scalable, AI-powered architecture, SecureCloud provides real-time visibility and intelligence to security teams worldwide.

With SecureCloud Platform, you can:

  • Collect data at scale: Ingest security data from any source - cloud services, on-premises infrastructure, IoT devices, and third-party applications
  • Detect threats faster: Leverage machine learning and built-in threat intelligence to identify sophisticated attacks
  • Investigate efficiently: Use powerful query language and visualization tools to understand the full scope of incidents
  • Respond automatically: Orchestrate response workflows and integrate with your existing security tools

Key Features

📊

Unlimited Data Ingestion

Collect and analyze petabytes of security data without worrying about storage limits or performance degradation.

🤖

AI-Powered Detection

Machine learning models trained on billions of signals identify anomalies and emerging threats in real-time.

🔍

Advanced Hunting

Query your data using our powerful query language, supporting complex joins, time-series analysis, and more.

⚡

Automated Response

Build playbooks that automatically respond to threats, reducing mean time to resolution (MTTR) by up to 90%.

Architecture Overview

SecureCloud Platform is built on a distributed, microservices-based architecture designed for massive scale and reliability:

┌─────────────────────────────────────────────────────────┐
│                      Data Sources                       │
│  Cloud Providers │ On-Prem │ SaaS │ Endpoints │ IoT     │
└───────────┬─────────────────────────────────────────────┘
            │
            ▼
┌─────────────────────────────────────────────────────────┐
│                  Data Collection Layer                  │
│  Agents │ APIs │ Syslog │ Event Hubs │ Connectors       │
└───────────┬─────────────────────────────────────────────┘
            │
            ▼
┌─────────────────────────────────────────────────────────┐
│                Data Processing & Storage                │
│  Ingestion Pipeline │ Hot Storage │ Cold Storage        │
└───────────┬─────────────────────────────────────────────┘
            │
            ▼
┌─────────────────────────────────────────────────────────┐
│                    Analytics Engine                     │
│  Detection Rules │ ML Models │ Threat Intel             │
└───────────┬─────────────────────────────────────────────┘
            │
            ▼
┌─────────────────────────────────────────────────────────┐
│                 Investigation & Response                │
│  Dashboard │ Hunting │ Automation │ Integrations        │
└─────────────────────────────────────────────────────────┘


Data Model

SecureCloud uses a flexible schema that adapts to different data types while maintaining consistency across sources:

| Table Type         | Retention                     | Use Case                                      | Query Performance           |
|--------------------|-------------------------------|-----------------------------------------------|-----------------------------|
| SecurityEvent      | 90 days hot, 1 year archive   | Windows security events, authentication logs  | ⚡ Fast (indexed)            |
| SecurityAlert      | 90 days hot, 2 years archive  | Detections, incidents, high-fidelity alerts   | ⚡⚡ Very Fast (optimized)    |
| NetworkTraffic     | 30 days hot, 90 days archive  | Firewall logs, network flows, DNS queries     | ⚡ Fast (partitioned)        |
| CloudAudit         | 180 days hot, 7 years archive | Cloud resource changes, API calls, compliance | ⚡⚡⚡ Excellent (compressed) |
| ThreatIntelligence | Real-time updates             | IOCs, threat actor profiles, campaigns        | ⚡⚡ Very Fast (cached)       |

💡 Pro tip: Use the search operator across all tables when you're not sure where data resides. It automatically queries all relevant tables and unions the results.

Quick Start

Get started with SecureCloud Platform in three steps:

1. Create a Workspace

   Deploy a SecureCloud workspace in your cloud environment. This takes about 5 minutes.

   Azure CLI:

       az securecloud workspace create \
         --name my-workspace \
         --resource-group my-rg \
         --location eastus \
         --retention-days 90

2. Connect Data Sources

   Configure data connectors to start ingesting security data from your infrastructure.

   View all connectors →

3. Enable Detection Rules

   Activate built-in detection rules or create custom analytics to identify threats.

   Explore detection rules →

Pricing

SecureCloud Platform uses a consumption-based pricing model:

| Component                | Unit                  | Price | Notes                               |
|--------------------------|-----------------------|-------|-------------------------------------|
| Data Ingestion           | Per GB ingested       | $2.50 | Includes 90 days hot retention      |
| Data Retention (hot)     | Per GB/month          | $0.10 | Fast query performance              |
| Data Retention (archive) | Per GB/month          | $0.02 | Compliance and historical analysis  |
| Analytics Compute        | Per compute unit/hour | $0.25 | Auto-scales based on query load     |

⚠️ Important: Data transfer charges may apply when ingesting data from external sources or across regions. See the detailed pricing page for examples and cost optimization tips.
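The retention tiers in the Data Model table and the unit prices above determine how much data a workspace holds at steady state and what it costs each month, which is the number a security team needs before choosing a --retention-days value. The estimator below is an added example, not a SecureCloud tool or API; it takes the retention periods and unit prices from the two tables on this page and assumes that the archive period begins when the hot period ends, that "Includes 90 days hot retention" means the first 90 hot days of every ingested GB are bundled into the ingestion price, that a billing month holds 30 days of ingest, and that analytics compute is excluded because it depends on query load rather than volume. ThreatIntelligence is left out because the table gives it no retention period.

```python
from decimal import Decimal

# Retention tiers from the Data Model table as (hot days, archive days).
# Assumption: the archive period starts when the hot period ends.
# ThreatIntelligence is omitted because the table gives it no retention period.
RETENTION_DAYS = {
    "SecurityEvent":  (90, 365),
    "SecurityAlert":  (90, 2 * 365),
    "NetworkTraffic": (30, 90),
    "CloudAudit":     (180, 7 * 365),
}

# Unit prices from the Pricing table (USD). Decimal avoids float rounding on money.
PRICE_PER_GB_INGESTED = Decimal("2.50")
PRICE_HOT_PER_GB_MONTH = Decimal("0.10")
PRICE_ARCHIVE_PER_GB_MONTH = Decimal("0.02")
INCLUDED_HOT_DAYS = 90   # "Includes 90 days hot retention" per GB ingested (assumed per-GB)
DAYS_PER_MONTH = 30      # assumption used to turn daily ingest into a monthly bill


def _hot_days_for(table, hot_days):
    """Resolve the hot retention period: table default or an explicit override."""
    if table not in RETENTION_DAYS:
        raise ValueError(f"unknown table type: {table}")
    default_hot, _ = RETENTION_DAYS[table]
    hot = default_hot if hot_days is None else int(hot_days)
    if hot < 0:
        raise ValueError("hot retention cannot be negative")
    return hot


def steady_state_volume(table, gb_per_day, hot_days=None):
    """Return (hot_gb, archive_gb) held once every retention tier has filled up.

    hot_days overrides the table default, e.g. to model a workspace created
    with a larger --retention-days value than the table's default.
    """
    gb_per_day = Decimal(str(gb_per_day))
    if gb_per_day < 0:
        raise ValueError("ingest volume cannot be negative")
    hot = _hot_days_for(table, hot_days)
    _, archive_days = RETENTION_DAYS[table]
    return gb_per_day * hot, gb_per_day * archive_days


def estimate_monthly_cost(table, gb_per_day, hot_days=None):
    """Steady-state monthly bill for one table type, broken out by component."""
    gb_per_day = Decimal(str(gb_per_day))
    hot_gb, archive_gb = steady_state_volume(table, gb_per_day, hot_days)
    hot = _hot_days_for(table, hot_days)
    # Only hot data older than the bundled 90 days is billed as hot retention.
    billable_hot_gb = gb_per_day * max(hot - INCLUDED_HOT_DAYS, 0)
    ingest = gb_per_day * DAYS_PER_MONTH * PRICE_PER_GB_INGESTED
    hot_cost = billable_hot_gb * PRICE_HOT_PER_GB_MONTH
    archive_cost = archive_gb * PRICE_ARCHIVE_PER_GB_MONTH
    return {
        "ingest": ingest,
        "hot": hot_cost,
        "archive": archive_cost,
        "hot_gb": hot_gb,
        "archive_gb": archive_gb,
        "total": ingest + hot_cost + archive_cost,
    }


def estimate_workspace(daily_ingest_by_table, hot_days=None):
    """Sum per-table estimates for a whole workspace; keys are table types, values GB/day."""
    per_table = {t: estimate_monthly_cost(t, gb, hot_days)["total"]
                 for t, gb in daily_ingest_by_table.items()}
    return {"per_table": per_table, "total": sum(per_table.values(), Decimal("0"))}


if __name__ == "__main__":
    # Constructed sample workload: 50 GB/day of SecurityEvent, 100 GB/day of NetworkTraffic.
    plan = {"SecurityEvent": 50, "NetworkTraffic": 100}
    default = estimate_workspace(plan)
    longer = estimate_workspace(plan, hot_days=180)
    print(f"default retention: ${default['total']}/month")
    print(f"180 hot days:      ${longer['total']}/month "
          f"(+${longer['total'] - default['total']} for longer hunting window)")
```

Raising hot retention above the bundled 90 days is what moves the bill: with the default tiers the hot component is zero for every table except CloudAudit, so the trade-off a team is really making with a larger --retention-days value is hunting window against the $0.10/GB/month line.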

Next Steps