N
NOXA
On-prem | offline | signed delivery
Request Demo
ProductDeploymentDeployment ProfilesSystem RequirementsPerformance & CapacityOperationsTrust / Product ChainIntegrators
Cyber-native incident operations platform

NOXA unifies incident operations, trust chain verification, and offline-ready delivery.

NOXA is built for SOC, CERT, and CSIRT teams operating sensitive environments where customer-owned infrastructure, auditability, and strict trust boundaries are mandatory.

Incident-centric workflows with timeline, findings, assets, remediation, and governance context.
No mandatory external license server at runtime.
Three aligned components: runtime, license factory, and packager.
Signed artifacts with local verification and production guardrails.
Request DemoReview DeploymentTrust / Product Chain
Primary model
Incident-first
tickets remain a compatibility layer where required
Trust mode
Verify-only runtime
no private signing key and no signing in runtime
Connector position
Above SIEM
NOXA is incident coordination and remediation, not a SIEM
Deployment baseline
On-prem + offline
air-gapped and sensitive environment compatible
Audit

Website baseline was aligned against runtime, factory, and packager repositories.

The site now only presents claims validated by repository code and documentation.

Real product capabilities in repositories
Incident operations runtime for on-prem and offline-capable environments with SOC/CSIRT workflow controls.
Structured cyber domain coverage: incidents, assets, findings, evidence, remediation, timelines, and MITRE-aware workflows.
Runtime keeps strict verify-only trust behavior for licenses and signed bundles.
Runtime enforces license and product conformity locally (verify-only model).
Deployment paths are implemented for Compose, Kubernetes manifests, and Helm.
Runtime exposes admin diagnostics and audit endpoints for licensing and production guard checks.
Real trust and commercialization assets
License Factory issues detached signed artifacts: license.json + license.sig.
Packager produces customer bundles with signed product-manifest, signed bundle-manifest, checksums, and signed archive.
Inter-project contract and compatibility matrix are documented across repositories.
Support eligibility is tied to official signed artifacts and runtime conformity.
Legacy token paths are still supported for migration but are not the production target.
What the website needed to add or clarify
Shift wording from generic ticketing-first language to incident-centric cyber operations language.
Explain timeline, correlation, deduplication, and remediation workflows as first-class capabilities.
Keep implementation honesty with explicit implemented/partially in place/planned markers.
Preserve explicit split between runtime verification, factory signing, and packager signing.
Expose support posture limits (official artifacts required) without over-claiming.
Treat website as a mirror of repository truth, never as a parallel source of product reality.
Trust Chain

Signed flow across the three repositories

Runtime verifies. Factory and Packager sign.

1. License issuance in Factory

Noxa-License-Factory generates and signs customer license artifacts: license.json and license.sig.

2. Bundle creation in Packager

Noxa-Packager validates license coherence, emits checksums, and signs product-manifest, bundle-manifest, and archive outputs.

3. Local verification in runtime

NOXA runtime verifies signed artifacts offline with public keys, then enforces edition and conformity policies.

Editions

Official matrix snapshot

Catalog enforced in runtime and packager implementations.

core
Base runtime for ticketing and project operations.
core
pro
Core plus productivity and workflow acceleration modules.
coreautomation_engineworkflow_designerdashboard_fieldsbulk_editshared_ticket_views
enterprise
Pro plus advanced governance and security modules.
coreautomation_engineworkflow_designerdashboard_fieldsbulk_editshared_ticket_viewssecurity_admintheme_studioshared_dashboards
Audience

Built for teams that need control, evidence, and predictable delivery.

SOC and CERT/CSIRT teams

Operate incident triage, investigation, correlation, and remediation workflows on-prem with audit-grade traceability.

Security operations managers

Coordinate cross-team response, SLA/escalation flow, reporting, and support-eligibility evidence from one operational layer.

Integrators and regulated organizations

Deploy official signed artifacts in disconnected or constrained environments without weakening trust boundaries.

Next Step

Start with architecture fit, trust fit, and deployment fit.

NOXA workshops focus on implemented product behavior, not speculative roadmap promises.

Plan DemoSystem RequirementsDeployment Profiles