Sovereign SOC
By Cloud Temple - Version 1
Sovereign SOC: a managed security centre operated 24/7 by Cloud Temple analysts on the SecNumCloud infrastructure. Detection enhanced by AI and MITRE ATT&CK rules, human validation of alerts, and coordination of incident response — from SIEM to CERT, with no intermediaries or extraterritorial dependencies. "What we do to protect our own cloud, we do for our clients."
Overview
Sovereign SOC is Cloud Temple’s managed security centre, operated 24 hours a day, 7 days a week by Cloud Temple analysts (Level 1 to Level 3) on a SecNumCloud-certified infrastructure, with no extraterritorial dependencies. The service covers the entire cyber defence lifecycle: continuous monitoring, alert triage, investigation, remediation recommendations and coordination of incident response. Detection is powered by Cloud Temple’s Managed SIEM, which collects and correlates logs using a MITRE ATT&CK rules engine and AI-driven enrichment to pre-qualify alerts and focus analysts' efforts on genuine threats. Final assessment is carried out by humans, contextualised to the client’s business, with a 1-hour assessment SLA for critical alerts, 24/7. The service natively monitors Cloud Temple environments, but also extends to external environments: on-premises data centres, other public clouds (AWS, Azure, GCP), SaaS (M365, Workspace), network equipment and business applications. Data collection is secured via IPsec or TLS 1.3 VPN tunnels. Clients can have their detection rules customised (tailored use cases) and track qualified incidents via a real-time client portal.
How to use
The service can be deployed via the Cloud Temple Marketplace. Once you have submitted your request, our experts will define the scope of your monitoring, identify your priority use cases and scale the solution accordingly. The deployment (BUILD phase) includes integrating log sources, setting up secure data collection and configuring detection rules. Once in the RUN phase, you can access the customer portal to view current alerts, validated investigations, the history and MTTD/MTTR metrics.
Support
Cloud Temple manages the entire chain — SecNumCloud infrastructure, SIEM platform, SOC team and response capability. The service includes scoping, deployment and lifecycle management. A 1-hour response SLA for critical alerts, 24/7. Regular reporting, MTTD/MTTR metrics and recurring steering committee meetings. 90-day hot retention, cold retention for up to 1 year (optional).
Terms and conditions
Use of Sovereign SOC is subject to Cloud Temple’s General Terms and Conditions of Sale and Use. Logs, traces, alerts and investigations are hosted and operated in France on SecNumCloud-certified infrastructure, in compliance with NIS2, DORA, GDPR and HDS requirements. Reversibility is guaranteed in accordance with the Data Act: free export of all your logs, rules and histories under a 30-day SLA, followed by secure deletion within 7 days.