VEDANUX — Know what's hostile. Before it costs you.

VEDANUX is the dedicated reputation cloud service of the NOGTUS ecosystem — cloud-native private threat intelligence network for object & URL reputation.

Security teams use one place to ask: “Is this object, URL, domain, or address known to be hostile?” — and receive a clear, defensible answer from a multi-layer NOGTUS-operated reputation knowledge base consolidated into a single verdict surface.

Standalone, separately-licensed cloud service that complements — but does not duplicate — the NOGTUS Analytics Cluster: where the Analytics Cluster reasons over live telemetry to detect, alarm, and ticket events in real time, VEDANUX reasons over aged, governed indicators to deliver authoritative reputation verdicts on demand — during triage, hunting, post-incident forensics, or compliance review.

Can be used standalone for organisations that primarily need reputation lookup, or wired into the NOGTUS Analytics Cluster and Forensic Integrated Platform as the single authoritative reputation source — eliminating parallel TI feeds and giving every analyst one shared verdict surface across the entire NOGTUS estate.

Every VEDANUX lookup follows a deterministic three-stage path: Stage 1 — Vedanux Engine (routing, caching, parallel orchestration, multi-layer verdict fusion, reputation scoring 0–100 per indicator); Stage 2 — Knowledge Sources (Threat Intelligence Core and Reputation Corroboration Grid, both NOGTUS-operated, queried in parallel and fused into one verdict); Stage 3 — Verdict Workspace (structured result — verdict badge, multi-layer matrix, relations graph, history — exportable to JSON · CSV · PDF).

The same three-stage path serves a manual analyst search, an API call from the Analytics Cluster, and a batch lookup from a forensic case file.

Indicators are produced and governed end-to-end by the NOGTUS intelligence team; validation removes unverified or transient noise before publication.

Per-indicator confidence score (0–100) with documented methodology and version history; tagging by malware family, campaign, MITRE ATT&CK technique, and target sector.

Long retention with archival tier; every verdict change is audit-logged.

NOGTUS-produced · curated · confidence-scored · versioned — subscribers see one verdict, one schema, one auditable trail — never a fragmented multi-tab view.

V01 — Vedanux Engine (reputation orchestrator): every inquiry that enters the console or the API lands here first; the engine identifies indicator type, routes parallel queries to the Threat Intelligence Core and the NOGTUS Reputation Corroboration Grid, fuses signals, and produces a single normalised result — verdict category, numeric score, contributing-layer breakdown, and timestamps.

Auto type detection: Hash (MD5 / SHA-1 / SHA-256 / SHA-512), URL, Domain, IPv4, IPv6, file upload — detected from input shape; no analyst hint required.

Parallel resolution: all NOGTUS-operated reputation layers queried concurrently with internal timeout and resilience governance.

Verdict fusion: multi-source verdicts merged through a documented scoring model into one final category and numeric reputation score (0–100).

Result caching: hot-cache layer for repeat lookups within configurable TTL, keeping common-indicator latency under a second.

Asynchronous jobs: file-upload analysis, bulk lookups, and deep enrichment run as tracked async jobs with status polling.

Audit trail: every query, verdict, and verdict change is logged with user, timestamp, and contributing sources for later review.

V02 — Knowledge Sources: Threat Intelligence Core & Reputation Corroboration Grid — two complementary reputation layers, both produced and managed in-house by NOGTUS.

Threat Intelligence Core — authoritative core: indicators produced, validated, deduplicated, and confidence-scored by NOGTUS before they ever surface in a verdict; NOGTUS-produced indicator knowledge with documented validation, per-indicator confidence (0–100), tagging, and version history.

Reputation Corroboration Grid — second NOGTUS-produced reputation surface that broadens and corroborates verdicts; produced and operated end-to-end by NOGTUS as the principal — no customer-facing orchestration to integrate or maintain.

Unified schema: all signals merged into one VEDANUX verdict schema — a single result format for analysts and integrations.

Service governance: health, freshness, and capacity of every layer monitored and managed by NOGTUS as part of the service.

Graceful degradation: when any internal layer is degraded, the verdict still returns from the remaining healthy layer with a clear partial-confidence indicator.

Single source of truth: Threat Intelligence Core is authoritative; corroboration enriches but never overrides governance.

V03 — Universal Inquiry Console — one bar, every indicator: deliberately empty search bar; analyst pastes hash, URL, domain, IP, or drags a file — no input-type dropdowns, no separate search pages, no wizards.

Single search bar on the home page auto-detects hash, URL, domain, IPv4, IPv6, or file upload from input shape alone.

Drag-and-drop upload: drop a file anywhere on the page; configurable size limit, sandboxed handling.

Inline type hint: live label as the analyst types — e.g. SHA-256, Domain, IPv6 — for confidence before submission.

Bulk inquiry: CSV upload accepts large indicator batches; results delivered as an async job with downloadable export.

Workspaces: per-tenant workspace selector — searches stay isolated by workspace; Recent history, Bookmarks, Workspaces, Bulk Upload one click away.

Theming & i18n: dark and light themes; English UI on launch; roadmap room for additional locales.

Design intent: austere home page — every pixel that is not the search bar is history, bookmarks, or workspace navigation.

V04 — Verdict Workspace — structured, tabbed, exportable: answers first — what is this thing's reputation? Bold verdict badge (Clean, Suspicious, Malicious, or Unknown) and numeric reputation score (0–100) above the fold.

Tabs: Detection (multi-source matrix), Details (technical metadata), Relations (graph), History (verdict timeline), Export (download bundle); workspace shareable and bookmarkable.

Verdict badge: above-the-fold category with colour, icon, and numeric reputation score (0–100).

Detection tab: multi-layer verdict matrix — each NOGTUS-operated reputation layer that contributed, with per-layer category and last-seen timestamp.

Details tab: metadata for indicator type — hashes, file size, signer, ownership context, ASN, GeoIP, TLS fingerprint, and similar.

Relations tab: graph showing connections — communicating IPs, sibling URLs, observed campaigns.

History tab: chronological verdict timeline — first appearance, category evolution, who reviewed.

Export tab: JSON, CSV, PDF, or STIX 2.1 bundle for evidence handover and ticket attachment.

Verdict taxonomy: Clean — no negative signal; Suspicious — partial signal, low confidence; Malicious — confirmed by authoritative sources; Unknown — insufficient data to decide; numeric score gives finer granularity for dashboards and automation.

V05 — Object & Web Inspection Panels — Details tab adapts: files (uploaded or by hash) → Object Inspection Panel; URLs, domains, IPs → Web Inspection Panel — same workspace shell, two specialised inner views.

Object Inspection Panel: static analysis — header parsing, embedded strings, signer status, hash family, family-level similarity hints; hash family MD5/SHA-1/SHA-256/SHA-512/ssdeep/imphash; packer or obfuscation hints; optional handoff to deeper analysis services for dynamic inspection.

Web Inspection Panel: WHOIS and passive DNS history, TLS certificate inspection, GeoIP and ASN context, captured response headers, and a static rendering screenshot of the URL where applicable (CN, SAN, issuer, JA3 / JA3S / JARM fingerprints per datasheet).

V06 — Relations Graph — visual pivoting: interactive graph — zoom, pan, expand neighbourhood on click, filter by relation type, pivot into a new VEDANUX inquiry from any node.

Node types: File · URL · Domain · IPv4 · IPv6 · Email · Campaign · Actor · TTP — colour-coded.

Edge labels: communicates-with · drops · downloads-from · resolves-to · signed-by · observed-with — semantic, not just lines.

Interaction: zoom, pan, expand-on-click, hover preview, filter chips, one-click pivot to fresh inquiry.

Density control: adjustable expansion depth for readable graphs on dense indicators.

Export: PNG / SVG / JSON for case files, slide decks, downstream tooling.

Permalinks: every graph view shareable as a URL — stable across sessions.

V07 — Analyst Workflow — history, bookmarks, tags, export: every lookup preserved as a reusable artefact — JSON, CSV, PDF (and STIX 2.1); audit-ready record analysts and reviewers can stand behind.

Search history: per-user chronological log with verdict and timestamp; searchable and filterable.

Bookmarks: pin indicators to sidebar; notify on verdict change.

Tagging: free-form and structured tags — campaign, case, incident, sector — cross-cutting filters.

Watchlists: curated indicator lists with subscription to verdict changes; alerts via email and webhook.

Export formats: JSON (full machine-readable result), CSV (summary), PDF (signed evidence), STIX 2.1 (structured TI handover).

Sharing: permalink verdict workspace or graph view; share within workspace or across tenants where permitted.

CSA — Cloud service architecture: fully-managed multi-tenant cloud; web console app.vedanux.nogtus.cloud and managed API api.vedanux.nogtus.cloud — no installable package, no customer-managed infrastructure, no subscriber patching window.

Delivery model: SaaS subscription — activated as subscription; no shipment, no installer; basic use needs no professional services.

Tenancy: multi-tenant with strict per-tenant isolation; per-tenant workspace partitioning, encryption keys, and audit log.

Endpoints: web console + managed REST API; TLS 1.3 and modern cipher suites over public internet.

Hosting: NOGTUS service team in NOGTUS-managed cloud regions; capacity, patching, upgrades fully managed.

Availability: active-active tier with automatic failover — continuous service through individual component failures.

Commercial framing: subscription on price list — recurring contract; no hardware asset inventory, no warranty period, no end-of-life hardware replacement.

SUB — Subscription tiers (indicative; binding values in order document & Service Description): sold as annual subscription; tiers differ in inquiry volume, users & workspaces, reputation coverage depth, API rate, retention window, and support response.

Starter — small teams, evaluation, occasional triage: entry-level monthly quota; limited users/workspaces; business-hours email.

Professional — operational SOC and IR: operational monthly quota; multi-user, multiple workspaces; business-hours email + chat.

Enterprise — large orgs, multi-tenant holdings, integrated automation: high monthly quota with burst; extensive workspaces with federation; 24×7 email, chat, named contact.

SLA — Service levels (tier-dependent; indicative Enterprise targets; confirmed in Service Description): service availability targeted ≥ 99.9% monthly (Enterprise); Professional and Starter lower targets per order.

Cached lookup latency: sub-second p95 for indicators present in the verdict cache.

Cold lookup latency: best-effort orchestration for first-time lookups; governed by NOGTUS internal capacity.

File analysis latency: asynchronous job model — completion depends on size, complexity, analysis depth.

Support response: tier-dependent; Enterprise includes 24×7 channels with named contact for priority cases.

Service status: public status page with incident history and planned-maintenance announcements.

Closing & disclaimers (datasheet): capabilities, quotas, retention, coverage depth, export formats, and SLA values depend on tier and binding order; figures are descriptive intent unless reproduced in signed Service Description / Order Form; roadmap items (extra layers, formats, locales) are transparency only — not commitments.