Parinita  /  Products  /  Parinita Secure
Enterprise & Edge Layer

Parinita Secure

The World's First Blockchain-Verified XDR and SIEM

Cortex XDR. Wazuh. AI on MI350P. Every detection anchored to Chrysalis.

Secure integrates Palo Alto Cortex XDR, Wazuh SIEM, and a proprietary AI threat-intelligence layer running on MI350P — with every detection, alert, response action, and AI-generated finding cryptographically anchored to Chrysalis.

101
Sites Worldwide
6
Stack Layers
367
Firewalls Deployed
8 +
Compliance Frameworks
01 / The Problem

Your Current SIEM Runs on Infrastructure the Vendor Controls

CrowdStrike, Splunk, Sentinel, and QRadar all run on cloud infrastructure where the vendor can alter logs.

Detection evidence stored on vendor infrastructure has no chain-of-custody guarantee. In regulated industries and legal proceedings, that is not acceptable. Secure runs where the customer can validate independently.

  • Your SIEM Vendor Can Alter Your Logs

    CrowdStrike, Splunk, Microsoft Sentinel, and IBM QRadar all run on cloud infrastructure where the vendor controls the log storage. Chain of custody is a policy claim, not a technical guarantee.

  • Telemetry Cannot Leave Jurisdiction

    Many regulated environments cannot ship security telemetry to US-hosted cloud SIEMs. Running a sovereign SIEM at the edge has been technically impractical — until now.

  • AI Threat Intelligence Produces Unverifiable Narratives

    AI-generated threat findings from cloud SIEMs have no cryptographic chain of custody. They cannot be independently verified or court-admitted.

Capability
Current / legacy
What's needed
Log custody
Vendor controls log infrastructure — alterable after the fact
Chrysalis QBFT anchoring — tamper-proof by architecture, customer-verifiable independently
Telemetry jurisdiction
Cloud SIEM requires telemetry to leave jurisdiction — non-starter for regulated deployments
Wazuh SIEM at every POP — telemetry stays in jurisdiction, never crosses borders
AI finding chain of custody
AI-generated findings have no cryptographic chain of custody — cannot be court-admitted
Every AI-generated finding anchors on Chrysalis — independently verifiable, court-admissible
Insider threat detection
Rule-based alerts on isolated events — misses correlated pre-exfiltration patterns
Continuous behavioral correlation across sessions, data volumes, and command execution against role baselines
Compliance evidence
Weeks of manual log aggregation — no tamper-proof audit chain
Chrysalis transaction hashes for every control — generated on demand, auditor-verifiable
Deployment model
Cloud SIEM — external dependency, bandwidth cost, latency, vendor access to your telemetry
Edge SIEM at every POP — no external dependency, sovereign, air-gap capable
02 / Core Capabilities

Six layers. Every detection on-chain.

Secure's six-layer stack covers perimeter, endpoint, network detection, SIEM, AI intelligence, and privileged access — with every event anchored to Chrysalis no one can retroactively modify.

The Shield vertical agent stitches Cortex alerts, Wazuh events, and privileged-access sessions into MITRE ATT&CK kill-chain narratives ready for analyst review.

  • Perimeter Layer

    367 PA-5580/5560 firewalls across 101 POPs. NGFW, IPS, SSL inspection, DNS security, and Wildfire sandbox. Panorama M-700 manages all centrally.

  • Endpoint Layer

    Wazuh agents on every node — file integrity monitoring, process monitoring, vulnerability scanning, configuration compliance, rootkit detection.

  • Network Detection Layer

    Cortex XDR for lateral movement, exfiltration, C2, credential attacks, and ransomware precursors across the full 9-plane fabric.

  • SIEM Layer

    Wazuh server at every POP — local event aggregation, correlation, and storage. No telemetry leaves jurisdiction.

  • AI Intelligence Layer

    Parinita GPT on Plane 1 MI350P synthesizes incident narratives, scores anomalies, and produces predictive detection signals anchored on Chrysalis.

  • Privileged Access Feed

    Session recordings and command transcripts from Witness correlate with role baselines for insider-threat detection and MITRE ATT&CK mapping.

  • Insider-Threat Detection

    Multiple simultaneous sessions from different IPs under one privileged identity, data-volume pre-exfiltration staging, off-hours command execution against role baselines.

  • Chrysalis-Anchored Evidence

    Every detection and response action anchors on Chrysalis — 101-validator QBFT, supermajority 68. No vendor — including Parinita — can retroactively modify the record.

  • Shield Vertical Agent

    The Shield agent on Planes 3 and 8 correlates Cortex alerts, Wazuh events, and privileged-access sessions into MITRE ATT&CK kill-chain narratives for SOC analyst review.

03 / Architecture

The Plane Model

Orchestra introduces "planes" — logical groupings of hardware optimized for a specific workload class. Unlike Kubernetes node pools, planes represent fundamentally different hardware architectures with different drivers, network requirements, and scheduling semantics.

The plane model is what makes Orchestra different from every other orchestration tool. Kubernetes sees nodes. Orchestra sees purpose-built hardware tiers and routes workloads accordingly.

P1
Reasoning Cortex
AMD Instinct MI350P
Primary AI inference · LLM serving
1,450+ nodes · 288GB HBM3e · high-bandwidth accelerator
P2
Training & Generation
NVIDIA RTX PRO 6000 Blackwell
Training · TTS · creative compute
950+ nodes · 96GB GDDR7
P3
Chain & CPU Compute
AMD EPYC Turin 9005
Chrysalis validators · CPU inference
700+ nodes · Zen 5c
P4
Knowledge & Retrieval
Intel Sierra Forest
Almanac vector search · RAG anchor
1,250+ nodes · 144 E-cores
P5
Long-Term Memory
NVMe Storage
Enclave · Stratum immutable object
850+ nodes · ransomware-resistant
P6
Media & Acceleration
RTX 4500 BSE · Alveo MA35D
Four tiers · GPU + FPGA + CPU
2,150+ nodes · 4K/8K hardware acceleration
P7
Edge Reflex
Qualcomm Cloud AI 100 Ultra
Ultra-low-latency edge inference
2,000+ nodes · sub-10ms response
P8
Coordination Layer
AmpereOne A128
Orchestra · Chorus routing · agents
2,400+ nodes · 128 ARM cores
P9
Nervous System
Cisco 8000 · Palo Alto · Arista
Routing · firewall · dual fabric
3,500+ devices · ConnectX-7 NICs
04 / Detection Model

Six layers. One tamper-proof audit chain.

Every detection, alert, response action, and AI-generated finding anchors cryptographically to Chrysalis. CrowdStrike, Splunk, Sentinel, and QRadar cannot make that guarantee.

  1. 01
    Detection source
    Six parallel signal sources: PA firewalls, Wazuh endpoints, Cortex XDR, Wazuh SIEM, AI intelligence, and privileged access feeds from Witness.
  2. 02
    Anchoring layer
    Every detection, alert, response action, and AI finding anchors on Chrysalis — tamper-proof chain of custody independent of Parinita's own infrastructure.
  3. 03
    AI correlation
    MI350P runs Parinita GPT for incident narrative synthesis, anomaly scoring, and predictive detection. Shield agent correlates across all six layers.
  4. 04
    Insider threat signal
    Multiple sessions from different IPs under one identity, pre-exfiltration data staging, off-hours commands against role baselines — all continuously monitored.
  5. 05
    Compliance framework
    HIPAA, SOC 2 Type II, PCI-DSS, CMMC, FedRAMP, NERC CIP, SEC 17a-4, GDPR — every control maps to Chrysalis transaction hashes.
  6. 06
    Jurisdiction constraint
    Wazuh SIEM at every POP keeps telemetry in jurisdiction. No data crosses jurisdictional boundaries for detection processing.
  7. 07
    Evidence independence
    Compliance packages generated by querying Chrysalis directly — auditors verify independently without accessing Parinita systems.
  8. 08
    Response chain
    Secure feeds Overwatch for cross-domain response. Directives issue simultaneously across Sentry, Secure, and noBGP within sub-second.
python
import secure

client = secure.Client(seat_token='your_seat_token')

# Stream detections from all six layers
for detection in client.detections.stream():
    print(f"Source: {detection.layer}, Severity: {detection.severity}, Chain: {detection.chrysalis_tx}")

# Generate compliance evidence package
package = client.compliance.generate(framework='soc2_type2', period='2026-Q1')
print(f"Controls mapped: {package.control_count}, Report hash: {package.chrysalis_tx_hash}")
05 / Proof

Proven at scale. Not in a lab.

Parinita AI Edge is the production deployment of the Parinita platform and the largest heterogeneous AI infrastructure deployment in the United States.

Reference Deployment

Parinita AI Edge

The most complex heterogeneous AI infrastructure in the United States. 101 sites, 9 planes, 12,000+ nodes, 4 accelerator vendors, dual network fabrics, four-layer tenant isolation — all through a single sovereign control plane.

101
Points of Presence
4 tiers: T1 (32), T2 (29), T3 (19), T4 (21)
909+
K8s Clusters
101 sites x 9+ plane types
12K+
Compute Nodes
Supermicro, Dell, Ampere, Cachengo
4
Accelerator Vendors
Intel Habana, NVIDIA, AMD, Qualcomm

Network & Security Infrastructure

2,491+
Cisco Switches
+ 303 routers (EVPN-VXLAN)
1,734+
Arista Switches
Lossless GPU backend fabric
367+
Palo Alto Firewalls
PA-5580/PA-5560 series
152+
Petabytes Storage
NVMe over RDMA
  • Multi-vendor accelerators
    Four accelerator vendors — Intel Habana, NVIDIA, AMD, Qualcomm — orchestrated through one control plane with unified scheduling, monitoring, and lifecycle management.
  • Dual-fabric networking
    Cisco production fabric and Arista GPU backend fabric operating as a coordinated system, bridged by identity-aware routing.
  • Nationwide scale
    101 sites across 42 U.S. states, each operating autonomously with a local control agent and a sovereign cross-site routing plane.
  • Multi-tenant isolation
    Four-layer defense-in-depth: VXLAN VNIs, identity-routing, Palo Alto firewalls, and Cilium eBPF — validated across every plane and site.
  • Compliance readiness
    FIPS 140-2 at launch, with FedRAMP Moderate, CJIS, and IL4/IL5 certification paths active through Parinita compliance profiles.
  • Sub-millisecond routing
    Every request classified and dispatched in under 1ms, enabling real-time SLA enforcement without perceptible overhead.
06 / Use Cases

Required when detection evidence may end up in legal proceedings.

Secure is most valuable when chain-of-custody is a hard requirement — regulated industries where detection evidence has legal, regulatory, or evidentiary consequences.

Jurisdictions that cannot ship security telemetry to US-hosted SIEMs are a primary use case — Secure runs at the edge, in jurisdiction, with no external dependency.

  • Regulated Industries

    Healthcare, finance, and defense organizations where detection evidence may end up in legal proceedings and chain of custody is a hard requirement.

  • Sovereign Jurisdictions

    Deployments that cannot ship security telemetry to US-hosted cloud SIEMs due to data residency law or classification requirements.

  • Compliance-First Security Teams

    Organizations under HIPAA, SOC 2 Type II, CMMC, FedRAMP, or NERC CIP that need tamper-proof evidence packages auditors can verify independently.

  • Insider Threat Programs

    High-value environments where privileged credential abuse is a primary risk — finance, defense, and pharma organizations with sensitive data planes.

  • AI-Era SOC Teams

    SOC analysts who need AI-generated MITRE ATT&CK kill-chain narratives they can trust — with cryptographic chain of custody on every AI-generated finding.

07 / Getting Started

Deployment Models

Secure deploys as a platform-level service — the six-layer stack activates as part of the Parinita fabric. No separate XDR or SIEM provisioning required.

Platform-Level Activation
No Separate Provisioning

Secure activates as part of the Parinita fabric. PA firewalls are factory-configured, Wazuh deploys with Instrument, Cortex XDR activates on node registration.

Compliance Evidence on Demand
Query Chrysalis Directly

Generate HIPAA, SOC 2, CMMC, and FedRAMP evidence packages by querying Chrysalis via Besu JSON-RPC. Every control maps to transaction hashes.

SOC Integration
Shield Agent Narratives

Shield agent on Planes 3 and 8 produces MITRE ATT&CK kill-chain narratives from correlated Cortex, Wazuh, and Witness events for analyst review.

08 / Get Started

Talk to Us

Our security team can walk through Secure's chain-of-custody architecture and compliance evidence generation for your specific regulatory requirements.