Concord engine vocabulary
Detection Portability Layer
Author a detection once against OCSF; Concord deploys it across every vendor surface in the stack.
Definition
The Detection Portability Layer is the buyer-facing surface above the Reverse Transpiler in Concord by IaxaI. SOC analysts and MSSP detection engineers write rules once in canonical OCSF terms. Concord compiles those rules into Splunk SPL, Sentinel KQL, CrowdStrike LogScale, and Sigma YAML, then deploys them to whichever platforms a tenant runs. Drift detection watches each compiled rule for behavior changes against the canonical version; when a vendor renames a field or shifts a query language semantic, the auto-repair loop proposes a corrected compile. A multi-tenant security practice no longer maintains the same detection in five dialects across thirty clients. The detection becomes a single asset versioned in one place, deployed everywhere it needs to run. Coverage is uniform across the customer base. Drift on any vendor surface flags a single source of truth, not thirty independent rule sets.
See also
Related capabilities and terms
Capability page
Read how Detection Portability Layer ships in Concord today.
/product/surfaces/detection-portability →Reverse Transpiler
Compiles OCSF detections back into vendor-native query languages so one rule runs across every tool in the stack.
Multi-Tenant Security Operations
Running security for many isolated end-clients from a single platform. The structural problem an MSSP solves; the problem Concord makes solvable.
MSSP (Managed Security Service Provider)
The primary buyer for Concord by IaxaI. A firm that delivers security operations to multiple end-clients, often regulated mid-market.
OCSF (Open Cybersecurity Schema Framework)
The vendor-neutral event schema that won the schema war. Concord by IaxaI sits above OCSF, not parallel to it.
Stop reconciling. Start trusting one timeline.
30-minute walkthrough. Your tools. Your tenants. Your audit cycle. We will show you exactly where Concord earns its keep.