How LiteSOC Works
No security expertise needed. One line of code. Done in 2 minutes.
Think of it like your home security
Most security tools protect the outside of your application. LiteSOC protects the inside, where the real threats actually happen.
The fence outside (Cloudflare, WAF)
Stops strangers from getting into your property. Great at blocking bots, DDoS attacks, and known bad actors before they even reach your door.
The CCTV inside (LiteSOC)
Watches what happens after someone walks through the front door. It records who came in, what they touched, and alerts you if someone starts acting suspiciously, even if they had a key.
You ideally want both. Use Cloudflare (or a WAF) to keep attackers from reaching your app. Use LiteSOC to watch what legitimate users do inside it, because most account takeovers and data leaks happen from accounts that look completely normal from the outside.
How the three layers fit together
[Diagram: Cloudflare / WAF (the fence around your property) blocks some traffic and passes the rest through to Your Application (the house itself). Users are inside. But who is acting suspiciously? LiteSOC (the smart CCTV inside your app) watches and alerts.]
Up and running in 2 minutes
Four steps. No security background required.
Create your free account
Free forever tier available
Sign up at litesoc.io. It takes less than a minute. No credit card needed. You will get an API key immediately; that is the only thing you need to connect your app.
Place the API call at the right spots in your app
Works with any language or framework
LiteSOC is not just a login monitor. For full coverage, you call the API at different sensitive points in your app: not only after login, but also in your admin panel, your data management routes, and your account settings. Each call takes one line. The more spots you cover, the more complete your audit trail.
// 1. After login (auth events)
const user = await auth.getUser(token);
if (!user) return res.status(401).json({ error: 'Unauthorized' });
await litesoc.track({ event: 'auth.login', userId: user.id });

// 2. In your Admin Panel (privilege escalation events)
await litesoc.track({
  event: 'authz.role_change',
  userId: user.id,
  metadata: { from: 'viewer', to: 'admin' },
});

// 3. In Data Management (bulk delete / export events)
await litesoc.track({
  event: 'data.bulk_delete',
  userId: user.id,
  metadata: { recordCount: 500, table: 'customers' },
});

// 4. In Account Settings (password & MFA change events)
await litesoc.track({ event: 'auth.password_change', userId: user.id });
await litesoc.track({ event: 'auth.mfa_enabled', userId: user.id });

LiteSOC watches what happens inside your app
Automatic enrichment, no extra config
Every time someone logs in, accesses a resource, or performs a sensitive action, LiteSOC records it. It automatically enriches each event with the user's location, device, IP risk score, and whether they are using a VPN or Tor.
Get alerted the moment something suspicious happens
Alerts in under 5 seconds
If LiteSOC detects unusual behaviour, like a user logging in from two different countries within an hour or multiple failed login attempts, it sends you an instant alert via Slack, email, or webhook. You will know before your users do.
That really is it.
Most developers are fully set up in under 2 minutes. You do not need to change your database schema, install any agents, or configure firewalls. LiteSOC works entirely through a simple HTTP API call that you add to your existing code.
What happens under the hood
Suspicious Activity
Something odd happens in your app
API Call Sent
Your code sends one line to LiteSOC
LiteSOC AI Engine
Scores risk, detects patterns, enriches data
Instant Alert
Slack, email, or webhook — your team knows
One sensor is not enough
Putting LiteSOC only at login is like installing one security camera at the front door and leaving the rest of the house uncovered. For a complete picture of what is happening in your app, you place the API call at every sensitive point, not just login.
Where to place your sensors
[Diagram: sensor events auth.login_failed, auth.mfa_disabled, admin.privilege_escalation and data.bulk_delete feed the LiteSOC Engine, which is watching all sensors.]
Login & Auth
- User logs in
- Login fails
- Password reset
- MFA enabled
Catch account takeovers and brute force attacks.
Admin Panel
- Role changed to admin
- User banned
- Config updated
- Feature flag toggled
Detect privilege escalation and insider abuse.
Data Management
- Bulk delete triggered
- Export downloaded
- Database backup accessed
- API key generated
Spot data theft and mass deletion before it is too late.
Account Settings
- Password changed
- Email changed
- MFA disabled
- Session revoked
Identify account hijacking attempts via settings changes.
LiteSOC connects the dots into a full forensic audit trail
Each API call you add is one piece of the picture. LiteSOC links all of those events together by user, by session, and by time. So instead of seeing isolated log entries, you get a complete timeline: the attacker logged in from a VPN in Germany, changed the account email, exported 3,000 customer records, and gave themselves admin access, all within 4 minutes. That is the kind of story that a login monitor alone could never tell you.
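The kind of per-user timeline correlation described above, as an added example that is not LiteSOC's own code or algorithm. It uses event names shown on this page; the `at` timestamp field, the 5-minute window, the three-action threshold and the sample events are assumptions constructed for illustration.

```javascript
// Added example: rebuild per-user timelines and flag bursts of sensitive actions.
// The `at` field, window and threshold are assumptions, not LiteSOC settings.
const SENSITIVE = new Set([
  'auth.password_change', 'auth.mfa_disabled',
  'authz.role_change', 'data.bulk_delete',
]);
const WINDOW_MS = 5 * 60 * 1000; // assumption: 5-minute correlation window
const MIN_DISTINCT = 3;          // assumption: 3+ distinct sensitive types is a burst

// Group events by user and order each group by time.
function buildTimelines(events) {
  const byUser = new Map();
  for (const e of events) {
    if (!byUser.has(e.userId)) byUser.set(e.userId, []);
    byUser.get(e.userId).push({ ...e, ts: Date.parse(e.at) });
  }
  for (const list of byUser.values()) list.sort((a, b) => a.ts - b.ts);
  return byUser;
}

// For every login, collect the sensitive events that follow within WINDOW_MS.
function findPostLoginBursts(events) {
  const findings = [];
  for (const [userId, timeline] of buildTimelines(events)) {
    timeline.forEach((e, i) => {
      if (e.event !== 'auth.login') return;
      const followUps = timeline.slice(i + 1).filter(
        (n) => n.ts - e.ts <= WINDOW_MS && SENSITIVE.has(n.event));
      const distinct = [...new Set(followUps.map((n) => n.event))];
      if (distinct.length >= MIN_DISTINCT) {
        findings.push({ userId, loginAt: e.at, actions: distinct });
      }
    });
  }
  return findings;
}

// Constructed sample events, deliberately out of order (not real LiteSOC data).
const sampleEvents = [
  { event: 'auth.login', userId: 'u7', at: '2024-05-01T10:00:00Z' },
  { event: 'authz.role_change', userId: 'u7', at: '2024-05-01T10:03:10Z' },
  { event: 'auth.login', userId: 'u9', at: '2024-05-01T10:00:30Z' },
  { event: 'auth.mfa_disabled', userId: 'u7', at: '2024-05-01T10:01:00Z' },
  { event: 'auth.password_change', userId: 'u9', at: '2024-05-01T10:02:00Z' },
  { event: 'data.bulk_delete', userId: 'u7', at: '2024-05-01T10:02:20Z' },
];
console.log(JSON.stringify(findPostLoginBursts(sampleEvents), null, 2));
```

Only u7 is reported: three distinct sensitive actions follow the login inside the window, while u9's single password change after login stays below the threshold.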
What does LiteSOC actually detect?
Once you add the code, LiteSOC automatically looks for these threats in your security events.
Account Takeovers
Someone using a stolen password to log into a real account.
Impossible Travel
Same account logging in from two countries within minutes of each other.
Brute Force Attacks
Someone trying hundreds of password combinations to break into an account.
VPN / Tor Logins
Users hiding their real location using anonymising tools.
Privilege Escalation
A regular user trying to access admin features they should not be able to.
Unusual Access Patterns
A user suddenly accessing data they have never touched before, in bulk.
No, and that is an important difference. Cloudflare is a fence around your house. It protects your server from attacks before they even reach your app. LiteSOC is a CCTV inside the house. It watches what happens after someone gets in: after they log in, access your data, or take actions inside your app. You ideally want both. Cloudflare keeps outsiders away. LiteSOC tells you what your users are actually doing once they are inside.
It means LiteSOC works inside your app, not at the network level. Instead of looking at raw network traffic, it tracks real user actions (logins, data access, account changes) with full context about who did what, when, and from where. This lets you catch things that network tools completely miss, like an account takeover by a legitimate-looking login from a new country.
Not at all. LiteSOC is designed for developers and founders, not security teams. You add one line of code after your login check, connect your Slack, and you are done. The dashboard is designed to be understood by anyone: no security jargon, no complex configuration.
LiteSOC is not just for the login page. For full coverage you want to place the API call at every sensitive point in your app. At a minimum: right after your authentication check (login events), in your admin panel (privilege escalation events), in your data management routes (bulk delete or export events), and in your account settings (password and MFA change events). Each placement is one line of code. The more points you cover, the more complete your security picture becomes — and the better LiteSOC can connect those events into a full forensic audit trail.
No — and this is important. LiteSOC supports 26 standard security event types across authentication, administration, data access, and authorisation. Login is just the starting point. A full setup tracks events across your entire app: when an admin changes someone's role, when a user exports a large dataset, when a password is changed, when MFA is disabled. LiteSOC links all of these events together so you can see the full story of what happened, not just isolated log entries.
No. LiteSOC sends events asynchronously in the background, so your users will not experience any delay. The average latency added is less than 50ms, and it does not block your app from responding. Think of it like writing to a log file; it happens silently in the background.
Impossible travel is when the same account logs in from two locations that are physically impossible to travel between in the time gap between logins. For example: logged in from Kuala Lumpur at 9am, then logged in from London at 9:05am. That is physically impossible; it means the account is likely compromised. LiteSOC detects this automatically and alerts you immediately.
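The impossible-travel check described above, worked through as an added example; it is not LiteSOC's own code or detection logic. The login record shape (`at`, `city`, `lat`, `lon`), the 900 km/h speed limit, the 100 km minimum distance and the sample logins are assumptions constructed for illustration.

```javascript
// Added example: impossible-travel check over constructed login events.
const EARTH_RADIUS_KM = 6371;
const MAX_PLAUSIBLE_KMH = 900; // assumption: roughly airliner cruising speed
const MIN_DISTANCE_KM = 100;   // assumption: ignore geo-IP jitter within one region

const toRad = (deg) => (deg * Math.PI) / 180;

// Great-circle distance between two {lat, lon} points (haversine formula).
function distanceKm(a, b) {
  const dLat = toRad(b.lat - a.lat);
  const dLon = toRad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(toRad(a.lat)) * Math.cos(toRad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt(h));
}

// Compare each login with the same user's previous login and flag pairs
// whose implied speed exceeds MAX_PLAUSIBLE_KMH.
function findImpossibleTravel(logins) {
  const lastByUser = new Map();
  const alerts = [];
  const ordered = [...logins].sort((x, y) => Date.parse(x.at) - Date.parse(y.at));
  for (const login of ordered) {
    const prev = lastByUser.get(login.userId);
    lastByUser.set(login.userId, login);
    if (!prev) continue;
    const km = distanceKm(prev, login);
    if (km < MIN_DISTANCE_KM) continue;
    const hours = (Date.parse(login.at) - Date.parse(prev.at)) / 3.6e6;
    // Zero elapsed time over a large distance is impossible by definition.
    const kmh = hours === 0 ? Infinity : km / hours;
    if (kmh > MAX_PLAUSIBLE_KMH) {
      alerts.push({ userId: login.userId, from: prev.city, to: login.city,
                    km: Math.round(km), minutes: Math.round(hours * 60) });
    }
  }
  return alerts;
}

// Constructed sample logins (not real LiteSOC output).
const sampleLogins = [
  { userId: 'u1', at: '2024-05-01T09:00:00Z', city: 'Kuala Lumpur', lat: 3.139, lon: 101.6869 },
  { userId: 'u2', at: '2024-05-01T09:01:00Z', city: 'London', lat: 51.5074, lon: -0.1278 },
  { userId: 'u1', at: '2024-05-01T09:05:00Z', city: 'London', lat: 51.5074, lon: -0.1278 },
  { userId: 'u2', at: '2024-05-01T21:00:00Z', city: 'Paris', lat: 48.8566, lon: 2.3522 },
];
console.log(findImpossibleTravel(sampleLogins));
```

The Kuala Lumpur to London pair for u1 is flagged (over 10,000 km in 5 minutes), while u2's London to Paris logins about twelve hours apart are not.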
A VPN hides a user's real location by routing their traffic through a server in another country. Legitimate users sometimes use VPNs for privacy. But attackers use them to hide where they are really logging in from. LiteSOC detects when a login comes from a known VPN or Tor exit node and flags it so you can decide whether to allow or investigate it.
Yes. LiteSOC has native integrations with Supabase Auth, Auth0, Firebase Auth, Clerk, and NextAuth.js. If you use one of these, setup takes under 2 minutes. If you use a custom auth system, you can still use LiteSOC; just call the API directly from your login handler.
Not by default. LiteSOC is a tool for you, the developer or founder, not your end users. You see all events in your LiteSOC dashboard. If you want to show users their own login history or active sessions, you can build that yourself using our API, but it is not a built-in feature.
Yes. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Each organisation's data is completely isolated; no other customer can see your events. We are GDPR-ready and do not sell or share your data with third parties.
Ready to add LiteSOC to your app?
Sign up for free and be monitoring your app in under 2 minutes. No credit card required.