GNSAC
Cyber Intelligence
TLP:AMBER
v2.0 — 2026
Enterprise Cyber Intelligence Platform
See Cyber Threats Before They Strike.
Dark web, identity leaks, threat actors and brand attacks — all in one platform, on your organization's own server.
18
Modules
8.7B+
Identity Records
30+
DB Tables
24/7
Monitoring
🌐
GNSAC Vigil
Dark web monitoring, IOC intelligence, brand protection, VIP monitoring, AI analysis and 6 different PDF reports
🔍
GNSAC Dark Search
Asset inventory, automated vulnerability scanning, CVE mapping and risk score management
🔑
License Management System
Hardware-bound activation, hardware ID + license verification, central management panel and feature flags
🏢
Local Deployment (OVF)
Works with VMware / Hyper-V / KVM. Data never leaves your organization, full data sovereignty
LOC
Full Data Sovereignty
Server is on your premises. 8.7B+ identity records, dark web crawls and all analyses run locally — no data leaves your organization.
AI
See 207 Days Earlier
The average breach goes undetected for 207 days. Get alerted before an attack begins with our AI engine and real-time IOC monitoring.
ALL
Single Integrated Platform
Threat intelligence + asset management + CVE + brand + VIP + AI — under one roof. No separate tools, no separate costs.
🛡 IOC Intelligence 🔐 Identity Leaks 🕳 Dark Web Crawler ⚠️ CVE / KEV 🏷 Brand Protection 👔 VIP Protection ⚙️ Playbook Automation 🤖 AI Prediction Engine
© 2026 GNSAC — gnsac.com.tr
CYBER THREAT LANDSCAPE
The Numbers Are Alarming.

Real data from global and Turkey-based sources. Every minute, another company is breached.

0
x10.000 $
Average data breach cost
(IBM 2024 Report)
207
DAYS
Average breach detection time
(Ponemon Institute)
%0
Companies breached
more than once (IBM 2024)
0
Daily Cyber Attacks
(Global)
0
Ransomware Attack
Every 39 Seconds
%0
Of Cyber Breaches
Caused by Human Error
%0
Of SMBs Close Within
6 Months of a Breach
🇹🇷 Turkey Cyber Threat Report
0.
Ranking among countries
most targeted by cyberattacks
2.8M
Maximum administrative fine
under KVKK
72
Hours: KVKK breach
notification requirement
%0
Cyberattack increase
in Turkey (2021→2024)
A company gets hacked every 39 seconds.
While reading this document, approximately 10 companies were breached. The question is not "will we be breached?" but "will we know when we are?"
REAL-WORLD ATTACK SCENARIOS
What Happens Without the Platform?

These are not fictional. Attack types that happen every day — and what would have happened with GNSAC Vigil.

😱 SCENARIO 1 — Identity Leaks
On Monday morning, the CFO's corporate email and password are listed for sale on the dark web for $50.
The attacker buys the password → logs into the corporate VPN → accesses financial systems → 3 days later initiates invoice fraud → ₺2.4M in damages. You still don't know.
✅ WITH GNSAC VIGIL
Leak detected instantly → instant alert sent to CFO → password reset → VPN access revoked.
The Identity Monitoring module detects the leak on the dark web within minutes. A playbook is triggered, automatically notifying the affected person and initiating the password reset process.
😱 SCENARIO 2 — Supply Chain
Your ERP software vendor was breached. The API key they use in your system is still active.
Attackers exploit the vendor's vulnerability to infiltrate your systems → steal your customer database → triggering a KVKK violation → financial damage, administrative fines, and reputational loss all at once.
✅ WITH GNSAC VIGIL
Vendor breach detected → risk score escalated to critical → integration automatically suspended.
The Supply Chain module monitors vendors' security posture in real time. At the moment of a breach, the risk score is updated and an automatic alert is sent to the security team.
😱 SCENARIO 3 — Brand Attack
47 fake domains impersonating your company have been registered. Phishing emails are being sent to your customers.
Customers log into fake sites → credentials are stolen → you are liable for the damages → trust is eroded → litigation risk arises.
✅ WITH GNSAC VIGIL
Fake domains detected → takedown request initiated → customers alerted.
The Brand Protection module detects typosquatting and fake domains within hours. An automatic takedown request is created and the process is tracked end-to-end.
PRODUCT 01
GNSAC Vigil

GNSAC Vigil is a threat intelligence platform that monitors 24/7 all dimensions of cyber threats affecting your organization — dark web, identity leaks, threat actors, and brand attacks.

8.7B+
Identity Records Monitored
18
Security Modules
6
PDF Report Types
100+
API Endpoints
📊 Module Category Distribution
Monitoring & Detection: 40%
Management & Response: 25%
Analysis & Reporting: 20%
Automation & AI: 15%
🌍 Monitored Threat Vectors
IOC / Malicious Indicators: 35%
Identity Leaks: 28%
Dark Web Activity: 22%
Brand Threat: 15%
🔗 Threat Intelligence Sources
8 Global APIs + 7 GNSAC Proprietary Crawlers = 15 SOURCES
Source
Competitors
GNSAC
▸ Global Threat Intelligence APIs
OTX AlienVault · IOC
NVD / CISA KEV · CVE
HIBP · Breach
AbuseIPDB · IP
VirusTotal · Hash
GreyNoise · IP
Pulsedive · IOC
Ransomware.live · Group
▸ GNSAC Proprietary Crawler Engine
NOT IN COMPETITORS
🧅 Tor Dark Web · Leak
✈️ Telegram Channels · Threat
🐙 GitHub Leak Scan · Code/Key
🐦 Twitter / X Monitoring · Actor
📋 Paste Sites · Identity
💬 Dark Web Forums · Forum
📰 RSS Security Feeds · News
Competitors rely solely on global APIs. GNSAC Vigil additionally accesses sources directly and in real time via its own crawler engine.
8/15
Competitors
15/15
GNSAC
VIGIL — MODULES
All Security Modules

All 18 modules are managed from a single interface. Activated according to your license plan.

🎯
IOC Threat Intelligence
Real-time querying and bulk checking of malicious indicators by IP, domain, URL, hash, and email.
IP · Domain · Hash · URL
🔑
Identity Leaks Monitoring
Real-time monitoring of whether employee emails are listed for sale on the dark web. Bulk querying by domain.
Email · Domain · HIBP
🧅
Dark Web Monitoring
Monitoring corporate data across dark web forums, Telegram channels, and paste sites. GNSAC proprietary crawler.
Tor · Telegram · Paste
⚠️
CVE Vulnerability Management
Prioritizing and tracking active vulnerabilities using CVSS score, exploit availability, and the CISA KEV list.
CVSS · KEV · Exploit
🕵️
Threat Actor Profiling
Tracking APT groups and cybercriminal organizations with MITRE ATT&CK-aligned TTP analysis.
APT · TTP · MITRE
🛡️
Brand Protection
Detection of phishing infrastructure, cloned sites, fake social media accounts, and typosquatting. Automated takedown.
Phishing · Takedown · Typosquat
🏭
Supply Chain Security
Managing third-party risk in real time via vendor risk matrix, breach history, and data access mapping.
Vendor · Risk Score · Breach
👔
VIP / Executive Protection
Monitoring the personal data of CEO, CFO, and critical personnel across the dark web, social media, and identity leaks.
CEO · Dark Web · Personal Data
Playbook Automation
Automated response workflows for threats. Conditional actions, email notifications, and ticket creation chains.
SOAR · Automation · Workflow
🔮
Predictive Alerts
Local AI engine that predicts potential attacks by analyzing historical threat patterns.
AI · ML · Proactive
🔍
OSINT Domain Scan
Subdomain discovery, DNS, WHOIS, SSL analysis, and web technology detection. HTML and PDF report output.
OSINT · Subdomain · DNS
🗺️
Cyber Attack Map
Live global cyberattack visualization and source-country map fed by real IOC data.
Live · Global · Map
📊
Executive Dashboard
Real-time main monitoring panel with risk score, active threat count, recent alerts, and trend charts.
Risk Score · Trend · Real-time
🤖
AI Threat Analysis
Engine that analyzes all collected threat data with AI, producing threat landscape and pattern reports.
AI Analysis · Pattern · Landscape
📄
PDF Report Center
Executive, Technical, Compliance, VIP, Vendor, and Brand — 6 distinct TLP:AMBER classified corporate PDF reports.
6 Types · TLP:AMBER · PDF
📧
Smart Notification System
Instant email notifications based on threat severity level. Custom SMTP, templates, and notification rule management.
SMTP · Severity · Template
👥
User & Access Management
JWT + TOTP based authentication, role-based access control, and session management.
JWT · TOTP / 2FA · Role
🕸️
IOC Relationship Map
Interactive relationship graph visualizing connections between IP addresses, domains, hashes, and threat actors.
Graph · Relationship · Pivot
6 DISTINCT PDF REPORTS
EXECUTIVE
TLP:AMBER
Executive Intelligence
Target: CEO · CISO · Board of Management
High-level threat summary and risk score
Last 30-day trend analysis
Critical alerts and priority actions
Strategic security recommendations
TECHNICAL
TLP:AMBER
Technical Analysis
Target: SOC Team · Security Analyst
Full IOC list (IP, domain, hash)
CVE details and exploit timeline
Attack vector and TTP map
Forensic evidence and log correlation
COMPLIANCE
TLP:AMBER
Compliance & Legal
Target: DPO · Legal · Compliance Team
KVKK/GDPR violation inventory
72-hour notification obligation tracking
Gap analysis and compliance score
Regulatory body notification draft
VIP
TLP:AMBER
VIP Protection
Target: HR · Corporate Security · Executives
Executive personal data exposure report
Dark web mentions and targeting
Social media risk analysis
Active alerts and action plan
VENDOR
TLP:AMBER
Supply Chain Risk
Target: Procurement · Risk Management · CTO
Vendor risk matrix and scoring
Breach history and affected data types
Data access and permission map
Critical vendor alert list
BRAND
TLP:AMBER
Brand Protection
Target: Marketing · Legal · Brand Team
Detected fake domain list
Phishing infrastructure and hosting analysis
Takedown request timeline
Social media clone account detection
PRODUCT 02
GNSAC DARK SEARCH

Asset Inventory and Vulnerability Scanning

Inventory all digital assets in your organization, run vulnerability scans for each asset, track CVEs, and monitor your risk score in real time.

1
Asset Identification
Add servers, databases, applications, and network devices to inventory
2
Automated Scanning
System scans open ports, services, and software versions
3
CVE Mapping
Detected software is matched against the global CVE database
4
Risk Prioritization
Prioritized by CVSS score + exploit status + KEV list
0
Asset Types
0
Severity Levels
0
Vulnerability Status
4
Environment Types
🏗️ Supported Asset Types
Server: 20%
Application: 18%
Database: 17%
Network Device: 16%
Endpoint: 15%
Cloud / Container: 14%
🔒 Vulnerability Status Cycle
Open: 20%
Confirmed: 18%
In Progress: 17%
Resolved: 18%
False Positive: 15%
Accepted: 12%
⚡ CVE Severity Distribution & Risk Prioritization
🔴 CRITICAL (CVSS 9.0–10.0) Immediate Action
Exploit active · On CISA KEV list · Patch within 24 hours
🟠 HIGH (CVSS 7.0–8.9) Within 7 Days
Exploit available · High attack surface
🟡 MEDIUM (CVSS 4.0–6.9) Within 30 Days
Limited exploit · Conditional exploitation
🟢 LOW (CVSS 0.1–3.9) Scheduled Maintenance
Low impact · Routine patch cycle
🧠 Smart Prioritization Factors
💣
Exploit Availability
PoC & active exploit tracking
📋
CISA KEV
Used in real-world attacks
🏭
Environment Criticality
Production / staging / test
🔗
Attack Surface
Internet exposure & dependencies
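The severity bands and the four prioritization factors above, worked as an added Python example (not GNSAC code). The band thresholds and remediation windows are the ones listed on this page; the page does not say how the factors combine, so the sort order, the `Finding` fields and the sample findings are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

# Bands and remediation windows as listed on the page. LOW is "Scheduled
# Maintenance" there, so it carries no fixed deadline.
BANDS = [  # (name, minimum CVSS, remediation window)
    ("CRITICAL", 9.0, timedelta(hours=24)),
    ("HIGH", 7.0, timedelta(days=7)),
    ("MEDIUM", 4.0, timedelta(days=30)),
    ("LOW", 0.1, None),
]
BAND_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "NONE": 4}
ENV_RANK = {"production": 0, "staging": 1, "test": 2}

@dataclass
class Finding:  # hypothetical record shape
    ref: str                 # constructed placeholder, not a real CVE id
    cvss: float
    on_kev: bool             # listed in CISA KEV
    exploit_available: bool  # PoC or active exploit known
    internet_exposed: bool   # attack surface
    environment: str         # production / staging / test
    found_at: datetime

def band(cvss: float) -> tuple:
    """Return (band name, remediation window) for a CVSS base score."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    for name, floor, window in BANDS:
        if cvss >= floor:
            return name, window
    return "NONE", None  # a 0.0 score falls below every band on the page

def due_by(f: Finding):
    """Deadline implied by the band, or None where the page gives no window."""
    window = band(f.cvss)[1]
    return f.found_at + window if window is not None else None

def sort_key(f: Finding) -> tuple:
    # Assumed ordering: KEV first, then band, exploit, exposure, environment, score.
    return (not f.on_kev, BAND_RANK[band(f.cvss)[0]], not f.exploit_available,
            not f.internet_exposed, ENV_RANK[f.environment], -f.cvss)

def prioritize(findings: list) -> list:
    return sorted(findings, key=sort_key)

T0 = datetime(2026, 1, 5, 9, 0)  # constructed discovery time
SAMPLE = [  # constructed findings
    Finding("FINDING-A", 9.8, False, False, False, "test", T0),
    Finding("FINDING-B", 7.5, True, True, True, "production", T0),
    Finding("FINDING-C", 7.5, False, True, True, "staging", T0),
    Finding("FINDING-D", 5.3, False, False, True, "production", T0),
    Finding("FINDING-E", 3.1, False, False, False, "test", T0),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f.ref, band(f.cvss)[0], due_by(f))
```

With this ordering a KEV-listed HIGH finding on an internet-facing production asset is worked before an unexploited CRITICAL on a test host, while each keeps the deadline of its own band.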
📦
Asset Inventory Management
Server, database, application, network device, endpoint, cloud, and container. For each asset: IP, hostname, MAC, software list, services, tags, and notes.
Manual · Automated · Scan
🚨
Vulnerability Scanning & CVE Mapping
Open ports, services, and software versions are detected. Matched against NVD and CISA databases. Is an exploit available? Is it actively used in attacks?
CVSS · NVD · KEV
⚖️
Risk Score & Prioritization
Dynamic risk score for each asset. Smart prioritization by criticality, exploit status, and active attack usage. Assignee and deadline tracking.
Risk Score · Assignment · Priority
🩹
Patch Management & Reporting
Patch guide, status tracking, and history for each vulnerability. Filter by environment (production / staging / test). Severity-based summary reports.
Patch · History · Report
LICENSE MANAGEMENT SYSTEM
Smart Licensing

Hardware-bound activation, offline tolerance, feature flags, and a centralized admin panel for full control.

Starter
Basic Plan · For small and medium-sized organizations
5 Core Features
  • IOC and CVE intelligence
  • Identity leak monitoring
  • OSINT domain scanning
  • Basic PDF reports
  • Email notifications
  • Brand Protection
  • VIP Protection
  • Playbook Automation
  • Dark Search / Vulnerability
Professional
Enterprise Plan · For organizations with active security operations
13 Features Active
  • All Starter features
  • Brand Protection module
  • VIP / Executive monitoring
  • Supply chain security
  • Playbook automation
  • Predictive alerts (AI)
  • 6 different PDF reports
  • Custom SMTP support
  • Dark Search module
Enterprise
Full Package · For large organizations with a SOC team
All 18 Modules
  • All Professional features
  • Dark Search (Asset inventory)
  • Vulnerability scanning engine
  • Threat relationship map
  • Advanced AI analysis
  • Priority support
  • Custom integration support
  • Unlimited quota
ACTIVATION FLOW
STEP 1
🖥️
VM Started
OVF image is deployed
STEP 2
🔑
License Key
Entered via web interface
STEP 3
🔒
Hardware Binding
SHA256 machine identity
STEP 4
📡
Activation Confirmation
Central server confirms
STEP 5
System Ready
All features active
FEATURE FLAGS
Feature Description Starter Professional Enterprise
dark_search · Asset inventory and vulnerability scanning · ✓ Active
playbooks · Automation workflows · ✓ Active · ✓ Active
vip_protection · Executive monitoring · ✓ Active · ✓ Active
predictive_alerts · AI prediction engine · ✓ Active · ✓ Active
brand_protection · Brand threat tracking · ✓ Active · ✓ Active
supply_chain · Vendor management · ✓ Active · ✓ Active
reports · PDF report generation · ✓ Basic · ✓ 6 Types · ✓ 6 Types
email_notifications · Email alerts · ✓ Active · ✓ Active · ✓ Active
custom_smtp · Custom SMTP server · ✓ Active · ✓ Active
osint_scan · OSINT domain scanning · ✓ Limited · ✓ Extended · ✓ Unlimited
🔄

License Validation Cycle: On each validation request, the system sends the hardware identity (machine_id) and license key together to the central server. The server compares this pair to confirm the license belongs to the correct machine. With every report generation, domain scan, and OSINT operation, the monthly quota is automatically decremented; requests are rejected when the usage limit is exceeded. IP address, last connection time, and quota status are updated in real time.

🛜

Offline Tolerance: Even if the internet connection is lost, all features remain active for the configurable tolerance period. Automatic synchronization when connectivity is restored.

ARCHITECTURE & SECURITY
System Architecture

All components run together in a single OVF image. The platform actively crawls the dark web, Telegram, GitHub, and forums with its own crawler engine. Data never leaves your organization.

GNSAC Vigil — Platform Architecture v2
THREAT INTELLIGENCE API
OTX AlienVault
AbuseIPDB
HIBP
NVD / CISA KEV
VirusTotal
GreyNoise
Ransomware.live
Pulsedive
GNSAC CRAWLER ENGINE
Tor Dark Web (9050)
Telegram Channels
GitHub Leak Scan
Twitter / X Monitoring
Paste Sites
Dark Web Forums
RSS Security Feeds
SYNC
OVF VM — YOUR CORPORATE NETWORK
NGX Nginx Reverse Proxy
SSL/TLS Termination · :443
Next.js
Frontend UI
Port :9999
Go API
Fiber v2
Port :8080
PG PostgreSQL 15+
30+ Tables · 8.7B+ Identity Records
HB
Heartbeat
CRW
Crawler
SMTP
Alert
AI
Engine
LIC
License
SCH
Scheduler
PM2 Process Manager — Auto-restart · Log rotation
TLS
USER ACCESS
WEB Web Browser
Next.js dashboard — 20 screens
JWT + TOTP 2FA
API REST API
100+ endpoints
API Key auth
PDF PDF Reports
6 different types
TLP:AMBER classified
LIC License Server
Central activation
HW ID validation
DATA SECURITY
All data stays inside the VM. Only threat data is pulled from external sources. Customer data never leaves.
Security Layers

JWT + 2FA

HMAC-SHA256 signed token, 7-day validity. Two-factor authentication with RFC 6238-compliant TOTP.
JWT · TOTP · 8 Backup Codes

API Key Auth

Auto-generated API key for machine-to-machine integration. Kicks in when JWT is insufficient.
Auto-generated · Fallback

Rate Limiting

General: 10,000 requests per hour per JWT/IP. Identity query: 30 requests per minute. Sliding window algorithm.
10K/hour · 30/min

Password Security

Bcrypt (cost 10). Plain-text passwords are never stored. Secure hash comparison.
Bcrypt · Cost 10

Domain Validation

Only licensed domains can access OSINT scans and identity queries. Keyword must be 3+ characters.
Domain Restriction · Keyword Val.

Hardware Binding

License is locked to machine identity. CPU serial + disk UUID + MAC → SHA256 fingerprint. Copy protection.
SHA256 · Machine Identity
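The license validation cycle, offline tolerance and hardware binding described on this page, sketched as an added Python example (not GNSAC's implementation). The page states only the three fingerprint inputs, the SHA256 hash, the key + machine_id pair check, the quota decrement and a configurable tolerance period; the field normalisation, class names, result strings, offline usage counter and sample values are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta

def machine_id(cpu_serial: str, disk_uuid: str, mac: str) -> str:
    fields = [cpu_serial.strip().upper(), disk_uuid.strip().lower(), mac.strip().lower()]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    blob = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    return "sha256:" + hashlib.sha256(blob).hexdigest()

@dataclass
class LicenseRecord:  # hypothetical server-side row
    bound_machine_id: str
    monthly_quota: int
    used: int = 0
    last_seen: datetime | None = None
    last_ip: str | None = None

class LicenseServer:  # hypothetical stand-in for the central server
    def __init__(self):
        self.records: dict[str, LicenseRecord] = {}

    def validate(self, key: str, mid: str, ip: str, now: datetime, cost: int = 0) -> str:
        rec = self.records.get(key)
        if rec is None:
            return "unknown_license"
        # Key and machine_id must match as a pair; compare in constant time.
        if not hmac.compare_digest(rec.bound_machine_id.encode(), mid.encode()):
            return "machine_mismatch"
        rec.last_seen, rec.last_ip = now, ip
        if rec.used + cost > rec.monthly_quota:
            return "quota_exceeded"  # license is valid, this request is refused
        rec.used += cost
        return "ok"

class LicenseClient:  # hypothetical agent inside the VM
    def __init__(self, server: LicenseServer, key: str, tolerance: timedelta):
        self.server, self.key, self.tolerance = server, key, tolerance
        self.last_ok = self.last_mid = None  # time and machine_id of last success
        self.pending = 0  # usage accrued offline, reported at the next sync

    def check(self, hw: tuple, now: datetime, online: bool, cost: int = 0) -> bool:
        mid = machine_id(*hw)
        if not online:
            # Grace only on the machine that last validated, inside the window.
            ok = (self.last_ok is not None and mid == self.last_mid
                  and now - self.last_ok <= self.tolerance)
            self.pending += cost if ok else 0
            return ok
        result = self.server.validate(self.key, mid, CLIENT_IP, now, cost + self.pending)
        if result in ("ok", "quota_exceeded"):
            self.last_ok, self.last_mid = now, mid
        else:
            self.last_ok = self.last_mid = None  # a rejection ends the offline grace
        if result == "ok":
            self.pending = 0
        return result == "ok"

# Constructed sample values; the key is the placeholder shown on this page.
HW = ("CPU-0001", "1111aaaa-0000-4000-8000-000000000001", "02:00:00:00:00:01")
KEY = "GNSAC-XXXX-XXXX-XXXX"
CLIENT_IP = "192.0.2.10"  # documentation-range address
```

Usage recorded while offline is added to the next online request, so the quota check on reconnect covers it.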
WHY GNSAC VIGIL?
Feature | GNSAC Vigil ✓ 9/9 | Market Alternatives ✗ 0/9
Data Privacy | ✓ Fully local, data never leaves | ✗ Cloud-based processing
Deployment | ✓ OVF — ready in minutes | ✗ Long integration process
KVKK / GDPR Report | ✓ Ready-made report type included | ✗ Requires custom development
Brand Protection | ✓ Included — no extra charge | ✗ Separate product / extra cost
VIP Protection | ✓ Included — no extra charge | ✗ Separate product / extra cost
Playbook Automation | ✓ Included in all plans | ✗ Usually enterprise tier only
AI Prediction Engine | ✓ Runs locally, no external dependency | ✗ Cloud AI dependent
Turkish Interface | ✓ Full Turkish language support | ✗ Usually English only
Single Platform | ✓ 18 modules in one interface | ✗ Multiple tools, multiple licenses
TOTAL SCORE | ✓ 9 / 9 — Fully Compliant | ✗ 0 / 9 — Insufficient
COST ANALYSIS
Return on Investment

A cybersecurity breach costs an average of $4.45 million. GNSAC Vigil brings this cost close to zero — for a tiny fraction of your total budget.

If a Breach Occurs
Data breach investigation & response ₺12.5M
KVKK administrative fine (max.) ₺2.8M
Operations shutdown / downtime ₺8.2M
Reputational loss & customer loss ₺6.0M+
Digital forensics & legal proceedings ₺3.5M
TOTAL AVERAGE COST ₺33M+
Protect Yourself with GNSAC Vigil
24/7 dark web monitoring ✓ Included
Automated breach detection & alert ✓ Included
KVKK/GDPR compliance report ✓ Included
AI prediction engine (proactive) ✓ Included
Brand + VIP + Supply chain ✓ Included
ANNUAL PLATFORM COST ≪ 1%
YOUR ROI
Return on Investment
0
× ROI
If one breach is prevented
Setup Time
30
Minutes
OVF import → live
Early Detection
0
Days Earlier
Compared to competitors
BUILD IT YOURSELF — COST ANALYSIS
Individual Tool & Staffing Cost for the Same Coverage
3× Cybersecurity Analyst (salary + benefits)
₺4.8M
Threat Intel & IOC API licenses (8 sources)
₺1.2M
SIEM & Log Management platform
₺800K
Brand & VIP monitoring tools
₺600K
Dark web crawler infrastructure (Tor + crawl)
₺400K
Integration & custom software development
₺600K
ANNUAL TOTAL ₺8.4M+
Plus: 6-12 month setup time · Ongoing maintenance burden · Extra development for KVKK report
GNSAC Vigil — Single Platform
All 18 modules above included
OVF deployment in 30 minutes
No additional staff required
KVKK/GDPR reports built-in
Data never leaves your organization
Single invoice · single support line
ANNUAL PLATFORM COST
Instead of ₺8.4M+ — a single line item
QUICK INSTALLATION
Go Live in 30 Minutes

Import the OVF image into your hypervisor, configure the network, activate your license. That's it. No agent installation, no lengthy integration process.

01
Min. 0–5
DOWNLOAD Download the OVF File
Download the signed OVF file (~3 GB, single package) from the GNSAC license portal. SHA-256 verification is performed automatically.
VMware ESXi vSphere VirtualBox Proxmox
02
Min. 5–12
IMPORT Import & Boot the VM
Import the OVF into your hypervisor. Minimum requirements: 4 vCPU · 8 GB RAM · 500 GB disk. All services start automatically when the VM boots.
$ systemctl status darkweb-api vigil-frontend postgres tor
● darkweb-api.service — active (running)
● vigil-frontend.service — active (running)
03
Min. 12–18
NETWORK Network & IP Configuration
Assign a static IP to the VM. Hostname and DNS configuration is optional. SSL certificate is pre-installed on the VM. Allow port 443 in your corporate firewall.
✓ Assign static IP
✓ Allow port 443
04
Min. 18–24
LICENSE License Activation
Enter the license key in the admin panel. The system sends the hardware identity (machine_id) to the GNSAC license server. Approval is instant. Request an offline activation file for air-gapped environments.
License Key: GNSAC-XXXX-XXXX-XXXX
Machine ID: sha256:a4f7b2c9...
✓ Activated — 365 days remaining
GO
Min. 24–30
PROFILE Create a Monitoring Profile
Add your domains, email addresses, IP ranges, and VIP employees to the system. The first threat scan starts automatically. Initial findings appear on the dashboard within 5 minutes.
STATUS
SYSTEM LIVE — MONITORING STARTED
All services active · Crawler running · Dashboard ready
SYSTEM REQUIREMENTS
CPU
Processor
4 vCPU
x86_64 · Recommended: 8 vCPU
RAM
Memory
8 GB RAM
Recommended: 16 GB
SSD
Storage
500 GB
SSD · 1 year log retention
LEGAL COMPLIANCE
KVKK & GDPR Penalty Table

Failure to report data breaches, inadequate security measures, or non-compliance with legal processes leads to severe penalties. GNSAC Vigil proactively protects you against these risks.

TR KVKK — PERSONAL DATA PROTECTION LAW (TURKEY)
VIOLATION TYPE ADMINISTRATIVE FINE NOTIFICATION DEADLINE VIGIL PROTECTION
Failure to report a data breach ₺280.000 – ₺2.800.000 72 Hours ✓ Automatic detection + alert
Inadequate technical security measures ₺88.000 – ₺880.000 ✓ Security gap scanning
Violation of disclosure obligation ₺44.000 – ₺440.000 ✓ KVKK compliance report
Violation of data destruction obligation ₺44.000 – ₺440.000 ✓ Data inventory monitoring
Special category data breach (health, biometric) ₺280.000 – ₺2.800.000 72 Hours ✓ Critical asset priority
EU GDPR — GENERAL DATA PROTECTION REGULATION (EU)
VIOLATION TYPE FINE NOTIFICATION DEADLINE VIGIL PROTECTION
Failure to report a security breach €10M or 2% of revenue 72 Hours ✓ Real-time alert
Violation of basic data processing principles €20M or 4% of revenue ✓ GDPR compliance report
Inadequate technical & administrative measures €10M or 2% of revenue ✓ Vuln. scanning + CVE monitoring
Unlawful cross-border data transfer €20M or 4% of revenue ✓ Local data — never leaves
Legal Time Limit
72
HOURS
KVKK & GDPR breach
notification requirement
Maximum Fine
€20M
or 4% of Revenue
Applied for GDPR
fundamental principle violation
Vigil Alert Time
< 5
MINUTES
Real-time detection
and instant notification