Know what happened. Prove why.
Your SIEM tells you what. It never tells you why. TRA-CE sits beside it and builds the causal chain — every link evidence-graded, every finding traced to source, every conclusion an analyst can defend in front of an auditor.
Request accessHow it works
Deploy the collector.
A lightweight Docker container inside your network, encrypted end-to-end via Avon — our post-quantum transport layer using ML-KEM-768 + X25519 hybrid key exchange with 30-second session rotation. It connects to your SIEM, EDR, identity provider, or cloud platform. No agents on endpoints.
Build causal chains.
Events get linked into directed causal graphs using four inference heuristics: explicit system evidence, artifact correlation, MITRE technique progression, and temporal proximity. Each link carries a confidence grade — PROVABLE, MIXED, or INFERRED. Nothing is asserted by default; everything is graded.
Investigate with evidence.
AI investigation agents run a three-stage pipeline: gather evidence, build the WHY stack, map interventions. The output is a structured argument an analyst can read in minutes — what failed, what should have caught it, what to fix, who owns it. Analysts decide. TRA-CE provides the proof.
What's under the hood
Causal chain building.
Four inference heuristics construct directed evidence graphs from event streams: explicit system evidence, artifact correlation, MITRE technique progression, and temporal proximity. Each edge is graded independently.
Campaign scoring.
Related events get grouped into campaigns scored by aggregate evidence weight. The output is not a list of alerts. It is a list of stories.
Grade every link.
PROVABLE, MIXED, or INFERRED — every edge carries a confidence grade. The chain is only as strong as its weakest link, and the dashboard never lies about which link that is.
AI agents do the slog.
Investigation agents run a three-stage pipeline: gather evidence, build the WHY stack, map interventions. The agents do the work analysts would do; the analysts review the work the agents did.
Audit-ready by default.
Every chain is a record. Every grade is a record. Every conclusion is traceable to source events. When the auditors arrive, they get the same chain the analysts built.
Post-quantum from day one.
Avon, the transport layer underneath TRA-CE, uses ML-KEM-768 + X25519 hybrid key exchange with 30-second session rotation. CNSA 2.0-aligned. FIPS 203/204 cryptography.
Works with what you have.
Splunk, Datadog, your existing SIEM and observability stack. Active Directory, Okta, your identity provider. AWS, Azure, GCP. One collector. No rip-and-replace.
See your event stream as a graph.
Point TRA-CE at a slice of your existing telemetry. Walk through what it surfaces. The fastest way to evaluate the product is to evaluate the product.
Book a demo