Galanthus SIEM captures, analyzes, and protects all your network traffic in real time. Deploy it on a Linux machine at your access point — every connected device is instantly monitored.
60% of small businesses that suffer a cyberattack close within 6 months. Traditional SIEMs cost tens of thousands of dollars and require dedicated security teams.
Galanthus SIEM changes the rules: enterprise-grade security at €20/month — less than a team lunch. Deploy it on a Linux machine at your access point and every connected device is protected.
Splunk, QRadar, Sentinel — unaffordable for a 10-50 employee company.
Months of setup, complex integrations, dedicated SOC team required.
Most SMBs end up with no network monitoring — just antivirus and hope.
Complete monitoring, intelligent detection, and automated response in a single product.
Captures and analyzes every packet. Interactive network graph showing live connections, protocols, and data flows.
Automatically blocks malicious IPs and domains via real iptables rules. Zero manual intervention required.
SQL-like rules with multiple conditions and logical operators. 7 action types: alert, block, allow, and more.
Detects anomalies: off-hours activity, DNS tunneling, DGA, port hopping, crypto mining, data exfiltration.
Geographic origin of every connection via GeoLite2. Automatic malicious IP detection with threat feeds.
Discovers and classifies all devices: routers, servers, IoT, cameras. Detects unauthorized Shadow IT devices.
Live world map showing geographic origin of every connection and attack. Color-coded markers by threat level.
L2-L7 analysis: HTTP headers, TLS SNI, JA3 fingerprints, DNS, SMTP, FTP and 40+ protocols.
Attempts per hour, protocols, source countries, ASN, and which rules triggered each block.
Real-time dashboard with network graph, alerts, metrics, and full control from your browser.
No agents, no complex configs. One command on any Linux machine at your network access point.
Install Galanthus on a Linux machine connected to your AP or network switch.
The C-native interceptor captures every packet in promiscuous mode.
Rules engine and UEBA process all traffic in real time.
Auto firewall blocks, instant alerts, full dashboard from any browser.
Advanced behavior analysis that catches attacks invisible to a conventional firewall.
Denial-of-service and connection floods.
Data exfiltration via DNS queries.
Algorithmically generated malware domains.
IPs switching ports to evade detection.
Slow connections exhausting resources.
Connections from unusual countries.
Attackers moving between devices.
Unauthorized mining on your network.
Anomalous upload ratios indicating leaks.
Unauthorized devices on your network.
Traffic during non-business hours.
Client fingerprints indicating attack tools.
Same essential protection at a fraction of the cost and complexity.
| Feature | Traditional SIEM | Galanthus |
|---|---|---|
| Annual cost | $15,000-$80,000 | €20/month (~€240/yr) |
| Deployment time | Weeks / months | < 5 minutes |
| Staff required | Dedicated SOC team | General IT staff |
| Platform | Cloud / multi-platform | Linux (ideal for AP) |
| Real-time monitoring | ✓ | ✓ |
| Threat detection | ✓ | ✓ |
| Integrated firewall | Partial | ✓ |
| UEBA | ✓ (add-on) | ✓ Included |
| Network graph | ✗ | ✓ |
| Real-time threat map | ✗ | ✓ |
| Device inventory | Add-on | ✓ Included |
| DPI L2-L7 | ✓ | ✓ |
| External dependencies | Cloud, agents, licenses | Zero |
C-native interceptor and Node.js dashboard. Minimal footprint, maximum performance. Linux only.
Explore a real Galanthus SIEM instance monitoring an active network. Log in with password: admin
Full dashboard with real network data, active detections, firewall logs, threat map, and interactive network graph. Password: admin
Start protecting your entire network for just €20/month. Deploy on a single Linux machine at your access point.