# LiteSOC — Features

> Enterprise-grade security that scales with your startup. Behavioral AI, forensic maps, and SOC 2 compliant security logs.

- **Website:** https://litesoc.io/features
- **Docs:** https://litesoc.io/docs/api

## Core Ingestion Engine

### Smart Event Normalizer

LiteSOC automatically maps 40+ messy log formats into 26 Standard Security Events, giving you a unified view across your entire stack.

### REST API First

No heavy agents. No complex deployments. A simple REST API call from your existing codebase. Start tracking security events in minutes, not months.

- 26 Standard Events
- 40+ Format Support
- < 50ms Average Latency

### 26 Standard Security Event Types

`auth.login_success`, `auth.login_failed`, `auth.logout`, `auth.password_reset`, `auth.mfa_enabled`, `auth.mfa_disabled`, `auth.session_expired`, `auth.token_refreshed`, `authz.access_granted`, `authz.access_denied`, `authz.permission_granted`, `authz.role_changed`, `admin.user_created`, `admin.user_deleted`, `admin.role_changed`, `admin.settings_changed`, `admin.api_key_created`, `admin.api_key_revoked`, `admin.user_impersonation`, `data.export`, `data.sensitive_access`, `data.deletion`, `security.brute_force_detected`, `security.suspicious_activity`, `security.ip_blocked`, `security.rate_limit_exceeded`

## Behavioral AI & Threat Detection

### Impossible Travel Detection

Uses Haversine-formula distance calculation to detect physically impossible login patterns. Example: Kuala Lumpur at 9:00 AM → London at 9:05 AM = 10,557 km in 5 minutes. Requires Pro plan or above.
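The check described above, as an added example (not LiteSOC's code): it computes the Haversine distance between a user's consecutive successful logins and flags pairs whose implied speed exceeds a threshold. The event field names, the 900 km/h speed limit, the 100 km jitter floor and the sample events are assumptions constructed for illustration.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0088   # mean Earth radius
MAX_PLAUSIBLE_KMH = 900.0     # assumed limit, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0       # assumed floor so GeoIP jitter is not flagged

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, min_km=MIN_DISTANCE_KM):
    """Return one finding per pair of consecutive logins that implies > max_kmh."""
    last_login, findings = {}, []
    logins = (e for e in events if e["event"] == "auth.login_success")
    for ev in sorted(logins, key=lambda e: e["ts"]):
        prev, last_login[ev["user"]] = last_login.get(ev["user"]), ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < min_km:
            continue  # same metro area or GeoIP noise
        hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600
        kmh = math.inf if hours <= 0 else km / hours  # simultaneous logins far apart
        if kmh > max_kmh:
            findings.append({"user": ev["user"], "km": round(km), "kmh": kmh})
    return findings

def _ev(user, hh, mm, lat, lon, event="auth.login_success"):
    ts = datetime(2024, 1, 1, hh, mm, tzinfo=timezone.utc)  # constructed timestamps
    return {"user": user, "event": event, "ts": ts, "lat": lat, "lon": lon}

# Constructed sample events (timestamps in UTC, coordinates from GeoIP enrichment).
SAMPLE_EVENTS = [
    _ev("alice", 9, 0, 3.1390, 101.6869),    # Kuala Lumpur
    _ev("alice", 9, 5, 51.5074, -0.1278),    # London, 5 minutes later
    _ev("bob", 9, 0, 3.1390, 101.6869),      # Kuala Lumpur
    _ev("bob", 14, 0, 1.3521, 103.8198),     # Singapore, 5 hours later: plausible
    _ev("carol", 9, 0, 51.5074, -0.1278),    # London
    _ev("carol", 9, 0, 51.5150, -0.1400),    # same city, GeoIP jitter: ignored
    _ev("dave", 9, 1, 51.5074, -0.1278, event="auth.login_failed"),  # not a login
]

if __name__ == "__main__":
    for f in impossible_travel(SAMPLE_EVENTS):
        print(f)
```

Timestamps must be compared in a single timezone (UTC here); comparing local wall-clock times across regions would distort the implied speed.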

### Geo-Anomaly Detection

Builds a 30-day behavioral baseline of each user's login locations. Flags logins from new, unexpected countries — especially from the high-risk list. Requires Pro plan or above.

### Brute Force Detection

Detects repeated failed login attempts and generates security alerts. Basic detection on Free, Advanced on Pro and Enterprise with faster detection windows and combined threat correlation.

### High-Risk Countries

- 🇰🇵 North Korea (KP)
- 🇮🇷 Iran (IR)
- 🇷🇺 Russia (RU)
- 🇨🇳 China (CN)
- 🇧🇾 Belarus (BY)
- 🇻🇪 Venezuela (VE)
- 🇸🇾 Syria (SY)
- 🇨🇺 Cuba (CU)

## Forensic Intelligence

Every event is automatically enriched with:

- **GeoIP:** City, country, region, coordinates, timezone
- **Network Intelligence:** VPN/Tor/proxy detection, datacenter identification, ASN lookup, ISP data
- **Threat Scoring:** Automated risk assessment based on network signals
- **Device Fingerprinting:** User agent parsing, SDK vs browser detection

## Role-Based Access Control (RBAC)

- **Owner** — Full control including billing, team management, and danger zone actions (All permissions)
- **Admin** — Manage team members, configure settings, and view all data (Team + Settings + Data)
- **Member** — View and interact with security events and alerts (Events + Alerts)
- **Viewer** — Read-only access to dashboards and reports (Read Only)

## Integrations

- **SDKs:** Node.js, Python, PHP (official)
- **Alerts:** Email, Slack, Discord, Webhooks
- **Automation:** n8n node (LiteSOC Trigger + LiteSOC Action)
- **Auth Providers:** Supabase Auth, Auth0, Firebase Auth, Clerk, NextAuth.js
