The fundamentals of the Sovereign SOC offer
The service Sovereign SOC (Security Operations Center) is a security incident monitoring, detection and response service operated 24/7 by Cloud Temple analysts.
In addition to our SIEM, which collects and technically correlates the logs, the Sovereign SOC provides the human capacity essential to the complete cyber defence cycle: alert qualification, investigation, remediation recommendations and incident response coordination.
The entire service is backed up by the operational experience of our teams, who supervise the Cloud Temple cloud platform on a daily basis - a SecNumCloud-qualified infrastructure housing the most sensitive data of our public and private customers. What we do for our cloud, we now do for yours.
Our compliance procedures
Our Sovereign SOC offer is backed up by leading qualifications and certifications.
We are aiming for PAMS qualifications in 2026 and PDIS in 2027.
24/7
Continuous supervision
1h
Intervention SLA
100%
Hosted in France SecNumCloud
The benefits of Cloud Temple's Sovereign SOC offering
24/7 detection, reduced MTTD
A team of analysts permanently mobilised to detect, qualify and react to threats. Drastic reduction in mean time to detect (MTTD) and mean time to respond (MTTR).
From SIEM to CERT, without intermediaries
Cloud Temple operates the entire chain: SecNumCloud infrastructure, SIEM platform, SOC team, response capacity. No vendor dependency, no link we don't control.
French hosting, regulatory traceability
Logs, traces, alerts and investigations hosted in France on our SecNumCloud-qualified cloud. Compliance with NIS2, DORA, RGPD and HDS requirements.
LLM + MITRE ATT&CK
Our correlation engine uses MITRE ATT&CK rules and Artificial Intelligence to pre-qualify alerts and focus analysts' work on the real threats.
No threshold effect, predictable OPEX model
Clear subscription basis + invoicing by units of work (volume, use cases). You can adjust your scope without a sudden price jump. Public prices displayed, like all our products.
The key features of our Sovereign SOC
24/7 supervision
Team of L1, L2 and L3 analysts permanently on call to monitor and react.
Alert qualification
Sorting, qualifying and investigating events reported by the SIEM, with business contextualisation.
Incident response
Coordination of response, containment recommendations, support for remediation.
Threat intelligence
Active threat monitoring, integration of IOC feeds and correlation with your supervised perimeter.
Threat hunting
Proactive search for dormant threats or abnormal behaviour not detected by the rules.
Customised use cases
Adapt detection rules to your business environment and specific use cases.
Reporting & governance
Periodic activity reports, MTTD/MTTR indicators, recurring steering committees.
Real-time customer portal
Full visibility of alerts in progress, investigations, history and indicators.
Technical specifications
Our public rates
A linear pricing scale, with no threshold effect and no penalising bands. You subscribe to an SOC service level that defines the depth of expertise and the SLAs, then you pay for the technical resources consumed on a pay-as-you-go basis (GB/day volume).
| Description | Unit | Unit price € excl. | Commitment |
|---|---|---|---|
| SOC Core - Data in France, MTTI 1h 24/7, quarterly committee | monthly subscription | 2100 € | 12 months |
| SOC France - Data and operation 100% in France, equitable analysts, MTTI 1h 24/7, quarterly committee | monthly subscription | 2900 € | 12 months |
| Premium option - continuous threat hunting, annual intrusion test. Can be combined with Core or France | monthly subscription | 1350 € | 12 months |
| SOC Core - monthly rate calculated on the average daily volume of logs ingested *. | average volume GB / day | 28 € | 1 month |
| SOC France - monthly rate calculated on the basis of the average daily volume of logs ingested *. | average volume GB / day | 38 € | 1 month |
| Description | Unit | Unit price € excl. | Commitment |
|---|---|---|---|
| Build SOC Core - Standard sources and detection rules, marketplace deployment, up to 30 sources | project | 4500 € | one-off |
| Build SOC France - Sources, detection rules, hardening, sovereign deployment | project | 6500 € | one-off |
| Build option Premium - Additional integrations (red team baseline, advanced playbooks) | project | 3000 € | one-off |
| Description | Unit | Unit price € excl. | Commitment |
|---|---|---|---|
| Customised detection rule - Monthly creation and maintenance | use cases | 135 € | 1 month |
| Dark web surveillance - Identifier leakage monitoring | domain | 200 € | 12 months |
| Cold storage - Extension to 1 year (beyond the 90 days hot included) | Go ingested | 0,15 € | 12 months |
| Cold storage - Extension to 7 years (regulated sectors) | Go ingested | 0,42 € | 36 months |
| Vulnerability scan - 8 public IPs, report delivered | scan | 120 € | to order |
| Additional SOC Committee | session | 950 € | to order |
| Description | Unit | Pricing | Commitment |
|---|---|---|---|
| CERT PRIS - Incident response subscription, includes 4 days of digital investigation | annual | On request | 12 months |
| Forensic / Digital investigation - Post-incident analysis | day | On request | per service |
| Red team / Purple team - Annual exercise | financial year | On request | per service |
| Security posture audit and detection strategy alignment | service | On request | per service |
| Migration from an existing SIEM - Reuse and audit of rules | project | On request | one-off |
| SIEM engineering - Collection and detection of non-standard sources | day | On request | per day |
* Examples of pricing
Scenario: Monthly subscription €2,100 + average daily volume 10 GB
Calculation: €28 × 10 GB = €280, i.e. €2,380 / month
Scenario: €2900 monthly subscription + 10 GB average daily volume
Calculation: €38 × 10 GB = €380, i.e. €3,280 / month
Do you have a sovereign SOC project or a project to strengthen your cyber defence?
Would you like to outsource your security supervision, comply with NIS2 and DORA, or benefit from a 24/7 team of analysts on a sovereign infrastructure?
Our experts will work with you to define your monitoring perimeter, define your priority use cases and size the solution to meet your needs. Tell us about your project and we'll get back to you as soon as possible.
Use cases
The SIEM is the tool, the SOC is the team.
Our Managed SIEM collects, standardises and correlates security logs, and raises technical alerts qualified by our AI. The Sovereign SOC adds the indispensable human dimension: our 24/7 analysts qualify alerts in a business context, conduct investigations, recommend remedial actions and coordinate the response to incidents. The two services are complementary.
Target 2027, in line with our ANSSI approach.
Cloud Temple has been SecNumCloud qualified since 2022 (IaaS) and 2024 (PaaS). Our Sovereign SOC has been designed from the outset to meet the requirements of the PDIS (Security Incident Detection Service Provider) standard. Qualification is targeted for 2027.
Your Temple Cloud infrastructures, but also your external environments.
The Sovereign SOC natively supervises all the Temple Cloud services you have subscribed to. It also extends to your external environments: on-premises datacentres, other public clouds (AWS, Azure, GCP), SaaS (M365, Workspace), network equipment and business applications. Data collection is secured via IPsec or TLS 1.3 VPN tunnels.
We offer real-time detection with an analyst qualification time of 1 hour 24/7.
Immediate mobilisation and coordination of the response.
In the event of a major incident (suspected compromise, ransomware, exfiltration), our L3 analysts are mobilised immediately. A crisis unit is set up with your teams, containment recommendations are issued, and remediation support is provided. Forensic investigation costs extended beyond the scope of the contract are invoiced in man-days.
Your data and settings remain your property.
In compliance with the Data Act, reversibility is guaranteed. You can request an export of all your logs, detection rules, customised use cases and investigation history in standard market formats at any time. The process is free, carried out under a 30-day SLA, followed by a secure purge of your environments within 7 days.