NIS2 + ISO 27001 · managed cloud or self-hosted · your data stays in the EU

One place to run, secure, and prove it all.

Lulu is the operational center for the teams who keep everything running — monitoring, endpoint security, on-call, and continuous NIS2 & ISO 27001 evidence, under one login, one set of permissions, one predictable bill. Ask it anything in plain language and it gets done.

One place to run + secure + proveEndpoint security includedOn-call built inEU-built, your data your rules
One place to run + secure + prove Endpoint security included On-call built in EU-built, your data your rules Compliance evidence auto-generated AI control plane Transparent pricing
The platform

One place to run, secure, and see everything.

The operational center puts your whole team on the same screen — monitoring, security, on-call, and compliance — so nothing is hidden and nobody is guessing.

01
See everything that happens
Every metric, log, and process from every machine, in one view. Spot a slow service, trace a request end to end, or find the host that broke.
Hosted checksLive requestsFull coverage
02
Follow every request end to end
Watch a slow request flow through all your services on a full-journey map, with logs, connections, and metrics tied together.
Request timelineService mapLive traces
03
Catch what should not be leaving
See every connection your machines make: who is talking to whom, what data is moving, and what looks unusual, in seconds.
Real-time flowsThreats spottedData loss caught
04
Know your cluster, inside out
Inventory every pod and node, see how they talk to each other, drop into a container with one click, or edit a config without leaving Lulu.
Live terminalsService mapConfig editor
05
Spot breach techniques in real time
Detect what attackers actually do, not just a signature. Lulu learns your normal, then alerts only on the genuinely unusual.
Technique detectionLearned baselineIncident ready
06
Page the right person at 3am
One alert storm becomes one incident, routed to your on-call rotation and escalated through a ladder if no one answers. No separate paging tool.
Smart correlationEscalationClear ownership
07
Prove compliance as you go
Every threat you detect, every change you make, every control you check, automatically scored against NIS2 and ISO 27001. Your evidence builds itself.
Auto-evidenceIncident trackingAudit-ready
08
Ask it to get things done
Tell the AI assistant what you need. It runs the right commands, answers questions with cited sources, and logs every action.
Plain languageCited answersFully audited
09
Trust and control on your terms
Role-based access, encrypted secrets, a full audit trail, and your choice of where the data lives: our cloud or your own infrastructure.
Your rulesEU-builtFully audited

The regulation is here

The regulation already applies to you. The deadline is the only thing left.

NIS2 and ISO 27001 are enforced now. Lulu turns them into day-to-day workflows so your evidence builds itself — no separate compliance team required.

  • Deadlines that do not slip
    Every incident ticks toward its 24h / 72h / 30-day reporting deadline. Lulu tracks them and generates your CSIRT report when it is due.
  • Evidence that proves itself
    Every threat you find, every change you make, every control you check, attached automatically to the incident and the audit file.
  • From breach to audit trail in one view
    A detected threat becomes a tracked incident with evidence and outcome, then a record in your compliance file. No copy-paste between tools.
  • One control engine, two frameworks
    Evidence you collect for NIS2 pre-fills your ISO 27001 Statement of Applicability. Both auditors see the same truth.

AI control plane

Ask, and it's done.

Tell the AI assistant what you need in plain language. It creates monitors, answers compliance questions with cited sources, opens incidents, and runs commands — all within your team's permissions, all audited.

  • Speak in plain language
    Ask it to "alert me if memory spikes on Kubernetes" or "show me attacks on production this week" — no query syntax, no menu hunting.
  • Respects your permissions
    The assistant honors your roles. A junior teammate can ask, but cannot run what is outside their access. Every action is audited.
  • You decide, it executes
    The assistant proposes what to do, you review and approve, then it runs the commands. Full control, no surprises.

What are our incident-reporting deadlines under NIS2, and where is that defined?

Three deadlines run from the moment you become aware of a significant incident: an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month. They're set out in Article 23(4):

“…(a) an early warning … without undue delay and in any event within 24 hours … (b) … an incident notification … within 72 hours …” — illustrative excerpt

Art 23(4)Directive (EU) 2022/2555 · EUR-Lex ↗

deterministic floor, AI ceiling — verbatim & cited, never fabricated

Endpoint security built in

A breach starts on one machine. We watch every machine.

Every machine you monitor is covered. The endpoint agent watches deeply, learns what is normal for you, and stays quiet on baseline noise — so you see real threats, not false alarms.

  • Installed by default
    Endpoint security is built in from day one — no extra agent to deploy, no separate bill, no added complexity.
  • Learns your normal, stays quiet on it
    Every machine builds its own baseline. What is normal for your apps never pages you — so you only hear about what actually matters.
  • One attack pattern, one alert
    See the same technique on three machines and you get one clear signal, not three separate noise alerts.

Incident response

When something breaks at 3am, the right person already knows.

One alert storm becomes a single incident, routed to whoever is on call. If they do not answer, it escalates — automatically. Paging and incident response are built in, not a separate tool you wire up.

  • Storms collapse into one incident
    Dozens of alerts from the same root cause become one clear incident, so you respond to the problem, not the noise.
  • The right person, paged in seconds
    An alert fires, the on-call schedule is checked, and the primary is notified over chat, SMS, or email. No answer in a few minutes? It moves to the backup.
  • Nothing extra to buy
    Rotations, escalation, and acknowledgements are part of the platform. One bill, one login, no paging add-on.
Trust & sovereignty

Your data, your infrastructure, your call.

Your infrastructure or ours
Start on EU-managed cloud, or run the whole platform on your own servers. Same codebase, same features, your choice of where the data lives.
Secrets never exposed
Every credential is encrypted at rest, fetched for a single action, then gone from memory. Built for teams that handle real secrets.
See everything that matters
Every login, every rule change, every command — in the audit log, encrypted end to end, so the record of what happened cannot be quietly erased.
The difference

Everything on one screen. Nothing hidden in a silo.

Every team sees the same data — no separate tool for security, no blind spot between monitoring and response, no secrets scattered across five places.

OPERATIONAL CENTER
See every machine, every request, every connection
Trace a request from entry point to database and back
Catch breach techniques in real time, without false alarms
Inventory and manage your whole cluster
Page the right person when it matters
Prove compliance as you go: NIS2 and ISO 27001
Control access, encrypt secrets, audit everything
One login, one bill, no integrations to maintain
01Metrics, tracing & APM toolobservability
+ integration glue
02EDR / security agentdetection
+ integration glue
03Synthetic / uptime toolexternal
+ integration glue
04K8s observability stackkubernetes
+ integration glue
05On-call / paging toolincident
+ integration glue
06GRC spreadsheetcompliance

Pricing

One place to run, secure, and prove it all.

Per-org, not per-host. One login, one set of permissions, one predictable bill. Start free with a full-featured 14-day trial, scale to a flat monthly price, or bring your own infrastructure.

Free

Get started, see the value.

€0/ forever
  • Up to 5 machines · 1 workspace · 3 members
  • Monitoring + endpoint security (detection)
  • Alerts + notification channels
  • Agent-run synthetic checks
  • AI assistant (fair-use) + 1 GB managed logs
  • 14-day full-feature trial · community support
Start free

Compliance

NIS2 & ISO 27001 ready.

from €799/ month
  • Everything in Team
  • Live NIS2 & ISO 27001 evidence
  • Single sign-on + advanced access control
  • 10 GB managed logs + metered overage
  • Priority support + SLA · onboarding · self-hosted

Your data, your infrastructure, your call.

Managed cloud or self-hosted, EU-built, with encrypted secrets and a full audit trail. Sovereignty is the default. Start free, or book a demo to see the compliance workspace in action.