What is Defenders Castle?

Defenders Castle is an enterprise threat intelligence platform built for Saudi Arabia and the GCC region. It aggregates real-time IOC feeds, monitors your external attack surface, scans the dark web for credential leaks, and provides AI-powered analysis so security teams can detect and respond to threats faster.

Which SIEM and EDR products does Defenders Castle integrate with?

Defenders Castle integrates with major SIEM platforms (Splunk, Microsoft Sentinel, IBM QRadar, Elastic, Wazuh), leading EDR products (CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black), and SOAR tools through STIX/TAXII 2.1, REST APIs, and Sigma rule export.

Does Defenders Castle support Arabic?

Yes. The full interface is bilingual (Arabic and English) with right-to-left support. Threat reports, IOC enrichment, and the AI analyst respond in either language. The platform is designed specifically for SOC teams in the KSA and the wider GCC region.

How does Defenders Castle protect customer data?

All data is encrypted in transit (TLS 1.2/1.3) and at rest (authenticated AES-GCM). Authentication uses HttpOnly secure cookies with SameSite=Strict, mandatory multi-factor authentication on every login, modern adaptive password hashing, and comprehensive audit logging. Sensitive operations are protected by double-submit CSRF tokens, IP-based rate limiting, and account lockout.

What threat-intelligence sources does Defenders Castle aggregate?

Defenders Castle aggregates indicators from 11+ feeds including AlienVault OTX, AbuseIPDB, VirusTotal, URLScan.io, the CISA Known Exploited Vulnerabilities (KEV) catalog, EPSS scoring, Have I Been Pwned, LeakRadar, TweetFeed, and curated regional sources focused on GCC threat activity.

LIVE

Alert: 7 critical threats targeting the GCC detected in the last 24 hours◆Breaking: Cyber attack targets industrial control systems in GCC energy sector◆Warning: Phishing campaign impersonating Saudi government entities◆Detected: APT35 launches espionage campaign on Saudi financial sector◆Security Update: Critical FortiGate vulnerability actively exploited — patch now◆Dark Web: 250K records from GCC organization listed for sale◆Watch: Lazarus group targeting regional crypto trading platforms◆Breaking: DDoS on GCC gov portals — CyberVolk claims responsibility◆Alert: 7 critical threats targeting the GCC detected in the last 24 hours◆Breaking: Cyber attack targets industrial control systems in GCC energy sector◆Warning: Phishing campaign impersonating Saudi government entities◆Detected: APT35 launches espionage campaign on Saudi financial sector◆

DEFENDERS CASTLE

قلعة المدافعين

Don't Wait for the Attack
Be Ready Before It Begins

FORTIFY YOUR PERIMETER

An advanced cyber threat intelligence platform purpose-built to protect organizations across Saudi Arabia and the GCC. We monitor threats around the clock from 8 global intelligence sources to give you clear, proactive visibility.

Integrates With Leading Security Platforms

SIEM • EDR/XDR • SOAR — direct integration with 20+ platforms

Microsoft

IBM

Elastic

Google Cloud

Wazuh

LogRhythm

Sumo Logic

Swimlane

TheHive

Microsoft

IBM

Elastic

Google Cloud

Wazuh

LogRhythm

Sumo Logic

Swimlane

TheHive

CrowdStrike

Palo Alto

SentinelOne

VMware

Trellix

Sophos

Fortinet

Tines

CrowdStrike

Palo Alto

SentinelOne

VMware

Trellix

Sophos

Fortinet

Tines

Operational Flow

How the Castle Works

From intelligence to response — four steps that turn noise into decisions.

STEP 01

Ingest & Correlate

Real-time intelligence from 8 global sources, correlated automatically into unified threat campaigns.

8 Sources

STEP 02

Enrich & Score

Every indicator is enriched with context and a precise confidence score — high signal, low noise.

174K+ IOCs

STEP 03

Alert & Automate

Actionable alerts auto-push to your SIEM with ready-to-run response playbooks.

1-Click SIEM

STEP 04

Investigate & Respond

Full case timeline, digital forensics, and board-ready reports in PDF & DOCX.

PDF · DOCX

See the Platform in Action

Demo data for preview only

Dashboard

IOCs

2,847

Attacks Today

156

Active Actors

47

Critical

12

Threat Map

IOC Management

⌕Search...|

TypeIndicatorSeverity

IP185.***.**.***Critical

Domainmal*****.comHigh

Hasha3f8...7b2cCritical

URLhttp://sus***.ruMedium

IP91.***.**.**High

Dark Web

01010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101

Dark Web Alerts

Data Leak — Customer DB

Access Sale — VPN Credentials

Ransomware — LockBit Group

Threat Actors

APT35

Charming Kitten

PhishingC2

APT28

Fancy Bear

0-DaySpear

Lazarus

Hidden Cobra

CryptoWiper

Live Feed

live_feed.log
[00:18:42] Feed sync: 23 new indicators
[00:18:49] Dark web alert: credential dump
[00:18:56] Playbook: Phishing Response
[00:19:03] Critical CVE: CVE-2026-****
[00:19:10] Actor update: APT35
[00:19:12] Enrichment complete

Dashboard

IOCs

2,847

Attacks Today

156

Active Actors

47

Critical

12

Threat Map

IOC Management

⌕Search...|

TypeIndicatorSeverity

IP185.***.**.***Critical

Domainmal*****.comHigh

Hasha3f8...7b2cCritical

URLhttp://sus***.ruMedium

IP91.***.**.**High

Dark Web

01010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101

Dark Web Alerts

Data Leak — Customer DB

Access Sale — VPN Credentials

Ransomware — LockBit Group

Threat Actors

APT35

Charming Kitten

PhishingC2

APT28

Fancy Bear

0-DaySpear

Lazarus

Hidden Cobra

CryptoWiper

Live Feed

live_feed.log
[00:18:42] Feed sync: 23 new indicators
[00:18:49] Dark web alert: credential dump
[00:18:56] Playbook: Phishing Response
[00:19:03] Critical CVE: CVE-2026-****
[00:19:10] Actor update: APT35
[00:19:12] Enrichment complete

LIVE OPERATIONSLIVE PREVIEW

THREAT OPERATIONS CENTER

Active Threats

1,284

Resolved Today

Avg Response

12%

Risk Score

LIVE EVENT STREAMREFRESH: 2s

IDTIMETHREATSOURCETARGETSTATUSSEV

EVT-882100:03:14SQL Injection185.220.101.42 [RU]api.corp.netBLOCKEDHIGH

EVT-882000:02:58Brute Force103.74.19.127 [CN]vpn.corp.netBLOCKEDMED

EVT-881900:01:42Port Scan45.33.32.156 [US]10.0.0.0/24LOGGEDLOW

EVT-881800:00:59Ransomware C2192.168.3.101 [INT]fileserver01QUARANTINEDCRIT

EVT-881700:00:17Phishingmail.fake-corp.ru [RU][email protected]BLOCKEDHIGH

EVT-881600:00:04Zero-Day Exploit10.10.5.231 [NK]webserver02ACTIVECRIT

ATTACK BREAKDOWNLAST 24H

Malware34%

Phishing27%

Brute Force18%

SQLi / XSS12%

Other9%

TOP THREAT ORIGINS

31%

24%

18%

14%

13%

Everything Your Security Team Needs in One Platform

Real-Time Attack Map

Track cyber attacks as they happen on an interactive map showing threat sources and their GCC targets

IOC Intelligence Database

Over 174K indicators updated from 8 global sources with precise confidence scoring

Dark Web Surveillance

24/7 monitoring of forums, dark marketplaces, and Telegram channels to catch leaks before exploitation

Instant IOC Enrichment

Enter any IP or domain and get a comprehensive intelligence report from all connected sources in seconds

Automated SIEM Integration

Auto-push IOCs to Splunk, Sentinel, QRadar and more through standard protocols with a single click

Start Today — Your First Line of Defense Begins Here

Join the organizations that trust Defenders Castle to protect their digital assets

8 Global Sources

24/7 Monitoring

GCC-Focused

No Credit Card

Don't Wait for the AttackBe Ready Before It Begins