Collect. Filter. Create.

Cyphon - Home

An Open Source Incident Management and Response Platform

Cyphon eliminates the headaches of incident management by streamlining a multitude of related tasks through a single platform. It receives, processes and triages events to provide an all-encompassing solution for your analytic workflow — aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.

Incident Management Solution

Many businesses rely on emails to manage alert notifications, which leaves their networks susceptible to overlooked incidents, alert fatigue and knowledge drain. Cyphon closes gaps in data management by collecting detailed information from a variety of sources – including email, log messages, APIs, social media and more. By giving analysts complete access to all these data sources through one platform, Cyphon maximizes data coverage while minimizing the time and energy needed to monitor networks.

When alerts are triggered, analysts can investigate the incident directly through Cyphon. They can quickly view the type of activity encountered, its geographic origin and criticality level. With the click of a button, they can dive deeper into the data to find logs related to the incident. This reduces the time and effort needed to investigate an alert, allowing analysts to work more efficiently — and incidents to be remediated more quickly.

Cyphon is more than another SIEM or data collection tool. It is an all-in-one incident management solution that integrates with other APIs to streamline your workflow. Out of the box, Cyphon allows analysts to escalate and share issues with their team members and annotate alerts with the results of their analysis. This provides full transparency to your operations center or security staff, while also building a valuable knowledge base for your organization. 


  • Aggregate data from numerous sources: email, log messages, APIs, social media and more

  • Single pane of glass view instead of multiple dashboards

  • Generate custom alerts with push notifications

  • View incidents by criticality level

  • Investigate alerts and track work performed


To help your organization make the most of Cyphon, we’ve developed Cyclops – a user interface for managing alerts. Cyclops allows you to easily view, assign and investigate Cyphon alerts. It provides an “eye” into your data, enabling you to respond to issues quickly and effectively.


Cyphon works with the help of several open source projects. To get Cyphon up and running, you'll need to install all of its dependencies. We've simplified this process by using Docker, which allows you to easily deploy an application as a set of microservices. We've created a set of Docker Compose files for running Cyphon in both development and production environments. This allows you to quickly install and run Cyphon and the other services it uses, including:

You can download our Docker Compose files here. If you'd like to work with our Docker image directly, you can find it on Docker Hub.

Interested in trying Cyphon? Download our virtual machine image, which boots up preconfigured with everything you need to get started.

Learn More

Consult our official documentation at Readthedocs to learn more about Cyphon. It includes set-up instructions and a description of Cyphon’s API. Documentation for Cyclops can be found here


As an open source project, we encourage community contributions to the code base. You can find Git repositories for Cyphon and Cyclops on GitHub:


Cyphon is free software and available for personal or professional use. The Cyphon Project is maintained by ControlScan and is distributed under a dual license. The Cyphon Engine is distributed under the GPLv3 License. Cyclops is subject to a non-commercial use license


Let's Chat.

Use the form below to contact us regarding Cyphon. If you have a bug to report, feature request or would like to contribute new source code, please visit our Github page. If you need help using Cyphon, check out our community forum on Gitter.

Name *
Please do not include confidential or sensitive information in your message.