System Status

Threatstealth Platform Status — Live Operational Status

Real-time operational status for all Threatstealth platform components — API gateway, web console, authentication service, WAF engine, EDR telemetry pipeline, and compliance monitoring. 99.97% average uptime over 30 days.

• API Gateway — HTTPS availability and response latency for all REST API endpoints
• Web Console — dashboard availability and frontend asset delivery status
• Authentication service — login, MFA verification, and token refresh availability
• WAF engine — ModSecurity rule processing and traffic inspection pipeline status
• EDR telemetry — agent check-in pipeline, alert processing, and response action delivery
• Compliance monitor — continuous control check execution and evidence collection pipeline

Platform Component Architecture and Dependency Map

The Threatstealth platform is composed of independent service components that can degrade individually without causing full platform outage. The API Gateway handles all API traffic routing and authentication token validation. The web console is a static React SPA served from a CDN-backed origin that can continue functioning for cached users even during API gateway degradation. The authentication service handles login flows, MFA verification, and session token issuance — it is the highest-impact dependency because authentication failure prevents new user sessions. The WAF engine, EDR telemetry pipeline, and compliance monitoring service are independent from each other and from the console, allowing security operations to continue even if reporting interfaces are degraded.

• API Gateway — central traffic routing and authentication validation, highest-impact service for API availability
• Web Console CDN — static asset delivery via CDN continues serving cached content during origin issues
• Authentication service — session management and MFA verification, critical path for new user logins
• WAF engine — independent rule processing pipeline continuing protection during console or API degradation
• EDR telemetry — agent check-in and alert processing pipeline independent of web console availability

Uptime SLA Definitions and Measurement Methodology

Threatstealth defines platform uptime as the percentage of minutes in a calendar month during which the API gateway returns successful responses to synthetic health check requests. Partial degradation — where the API gateway is available but specific services are degraded — is classified by severity: P1 (complete outage), P2 (significant degradation affecting security operations), and P3 (minor degradation with workarounds available). The contractual uptime SLA for Professional plan customers is 99.9% monthly uptime (approximately 43 minutes of allowed downtime per month). Enterprise plan customers receive a contractual 99.99% SLA (approximately 4.4 minutes per month) backed by service credit commitments.

• Uptime measurement — synthetic health check requests to the API gateway measured every 60 seconds
• Professional plan SLA — 99.9% monthly uptime (43 minutes allowed downtime per calendar month)
• Enterprise plan SLA — 99.99% monthly uptime (4.4 minutes allowed downtime per calendar month)
• SLA credit schedule — service credits applied automatically for SLA breaches without customer claim requirements
• Partial degradation classification — P1/P2/P3 severity tiers for distinguishing complete outage from degraded service

Incident Response, Communication, and Post-Mortem Process

When a platform incident is detected — either through automated monitoring or customer report — the Threatstealth on-call engineer acknowledges the alert within 5 minutes and begins diagnosis. For P1 and P2 incidents, a status update is published to the status page within 15 minutes of detection, with subsequent updates at 30-minute intervals until the incident is resolved. Customer notifications are sent via email to all technical contacts for the affected organisations. Following resolution of any P1 or P2 incident, a post-mortem document is published on the status page within 5 business days — describing the root cause, timeline, impact scope, and preventive measures implemented to prevent recurrence.

• 5-minute on-call acknowledgement — automated alert and manual acknowledgement target for all P1 and P2 incidents
• 15-minute status page update — first status update published within 15 minutes of P1/P2 incident detection
• 30-minute update cadence — status updates every 30 minutes during active P1/P2 incident investigation
• Customer email notification — direct email to technical contacts for all P1 and P2 incidents within 15 minutes
• Post-mortem publication — root cause analysis published on status page within 5 business days of P1/P2 resolution

Historical Uptime Performance and Maintenance Windows

Threatstealth publishes a rolling 90-day uptime history for each platform component on this status page, providing customers and prospects with objective visibility into actual platform reliability rather than committed SLA targets alone. Planned maintenance windows are scheduled outside peak business hours — typically Saturday between 02:00 and 06:00 UTC — with minimum 72 hours advance notice published to the status page and emailed to technical contacts. Emergency maintenance (for critical security patches) may be deployed without the standard notice period, in which case notification is sent as early as operationally possible. Historical incident records are retained and searchable for 12 months.

• 90-day uptime history — rolling per-component uptime history published publicly on this status page
• Planned maintenance windows — Saturday 02:00–06:00 UTC with 72-hour minimum advance notice
• Emergency maintenance process — critical security patches deployed without standard notice with maximum available warning
• 12-month incident history — all past incidents with timeline, impact, and root cause searchable for one year
• Maintenance calendar — upcoming planned maintenance windows visible in advance on the status page calendar