Praesidex

Unified security operations platform — aggregates findings from 19 security tools into a single pane of glass with automated ticket lifecycle and compliance evaluation.

security, ai, platform, developer-tools, compliance

Problem

Security teams drown in tool sprawl. JIRA, GitHub, Wiz, Sentinel, Defender, Qualys, CrowdStrike, ServiceNow — 19 platforms, none of them talking to each other. Findings rot in dashboards nobody checks. Tickets get closed with critical vulnerabilities still open because nobody ran the cross-reference.

Approach

Built a TypeScript monorepo (Express backend + React dashboard) that integrates all 19 platforms through a standardized singleton client pattern with retry, rate limiting, and credential rotation. A Universal Exposure Management System correlates findings, assets, and vulnerabilities across every source. Automated ticket lifecycle — start work, create branch, create PR, validate security posture, auto-close — with a security gate that blocks closure when CRITICAL or HIGH findings still exist.

Result

2,957 tests at 92%+ coverage across 137 suites. 27-page dashboard with real-time risk scoring. 50+ CLI commands for automation. Compliance evaluation against 6 frameworks (NIST, SOC 2, PCI DSS, HIPAA, ISO 27001, CIS). Daemon mode with webhook listener and event queue for 24/7 automated incident response.

Stack

TypeScript, React, Express, SQLite, PostgreSQL, Docker, Kubernetes, Helm

What I'd do differently

Would build the GraphQL API layer from day one instead of REST-first. The 27 dashboard pages generate a lot of granular queries that REST handles awkwardly — GraphQL would have eliminated dozens of bespoke endpoints.

Praesidex is a Threat Ops Center that replaces the tab-switching nightmare of modern security operations with a single platform. Connect your tools, see everything, close tickets safely.

Architecture

The system is organized around a Universal Exposure Management System (UEMS) that serves as the central hub:

  • Integration Layer — 19 API clients (JIRA, GitHub, Wiz, Sentinel, Defender, AWS Security Hub, GCP SCC, CrowdStrike, Qualys, Tenable, Snyk, Splunk, ServiceNow, PagerDuty, CloudFlare, Security Scorecard, Google Chronicle, Slack, and more) all following a singleton factory pattern with credential chain resolution
  • UEMS Core — Correlates findings, assets, and vulnerabilities across every platform into a unified data model
  • Workflow Engine — State machine that manages the full ticket lifecycle from creation through security-validated closure
  • Daemon — Background process with webhook listener, configurable polling, priority event queue, and graceful shutdown
  • Compliance Engine — Evaluates posture against NIST, SOC 2, PCI DSS, HIPAA, ISO 27001, and CIS benchmarks

Key differentiators

  • Security gate — Tickets cannot close while CRITICAL or HIGH findings remain open. Configurable policy: strict, severity-based, or custom allowlist.
  • Bidirectional sync — GitHub webhook fires → JIRA transitions. Security finding surfaces → ticket blocks. No manual cross-referencing.
  • Multi-tenant RBAC — Tenant isolation, role-based access control, OIDC SSO, and tamper-evident audit logging.
  • CLI + dashboard — 50+ commands for scripting and automation, plus a 27-page React dashboard for visual ops.
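
A sketch of how the security gate's closure decision could be evaluated, added here as an illustration and not taken from Praesidex's code. All type and function names are hypothetical, the meaning given to the three policy modes is an assumption, and so is the choice to fail closed when an integration returns no data.

```typescript
// Added illustration: every name here is hypothetical, not Praesidex's API.
type Severity = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW";

interface Finding {
  id: string;
  source: string; // originating tool
  severity: Severity;
  open: boolean;
}

// Assumed semantics for the three policy modes the page names.
type GatePolicy =
  | { mode: "strict" } // any open finding blocks closure
  | { mode: "severity"; blockOn: Severity[] } // only listed severities block
  | { mode: "allowlist"; blockOn: Severity[]; acceptedIds: string[] }; // as above, minus accepted ids

interface GateDecision {
  allowed: boolean;
  blockers: Finding[];
  reason: string;
}

function blocks(f: Finding, policy: GatePolicy): boolean {
  if (!f.open) return false;
  if (policy.mode === "strict") return true;
  if (policy.blockOn.indexOf(f.severity) === -1) return false;
  return policy.mode === "severity" || policy.acceptedIds.indexOf(f.id) === -1;
}

// failedSources: integrations that could not be queried for this ticket.
// Assumption of this example: the gate fails closed, since missing data is not a clean result.
function evaluateCloseGate(findings: Finding[], policy: GatePolicy, failedSources: string[] = []): GateDecision {
  if (failedSources.length > 0) {
    return { allowed: false, blockers: [], reason: `no data from: ${failedSources.join(", ")}` };
  }
  const blockers = findings.filter((f) => blocks(f, policy));
  const reason = blockers.length === 0 ? "no blocking findings" : `${blockers.length} blocking finding(s)`;
  return { allowed: blockers.length === 0, blockers, reason };
}

// Constructed sample findings for one ticket.
const sampleFindings: Finding[] = [
  { id: "F-1", source: "Wiz", severity: "CRITICAL", open: true },
  { id: "F-2", source: "Qualys", severity: "HIGH", open: false },
  { id: "F-3", source: "Snyk", severity: "MEDIUM", open: true },
];
const defaultPolicy: GatePolicy = { mode: "severity", blockOn: ["CRITICAL", "HIGH"] };
const sampleDecision = evaluateCloseGate(sampleFindings, defaultPolicy); // blocked by F-1
```

Returning the blocking findings along with the decision lets the ticket comment or audit log record exactly why closure was refused.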
