About

Built by an MSP, for MSPs

#

Hal was created by Bitstream, a managed service provider that has been in the trenches since 2003. Eight employees, roughly 100 clients, about 3,500 users, about 3,500 endpoints.

We couldn’t afford a SOC. Native alerts were siloed across a dozen admin portals. Existing SIEM products were either too expensive or had no AI. So we built the tool we needed.

We built the four-tier detection pipeline to give our eight-person team the coverage of a 24/7 SOC. Then we realized every MSP our size has the same problem.

Why We Built This

#

MSPs are drowning in admin portals. M365, Google Workspace, Entra ID, RMM, documentation platforms, network gear — each one has its own alerting, its own console, its own blind spots.

A suspicious sign-in in Entra ID doesn’t know about the forwarding rule in Exchange. A brute force attempt on a server doesn’t connect to the phishing alert in Google Workspace. The data exists, but nobody is correlating it.

Hal connects it all. One AI analyst that reads every log source, every five minutes, and tells you what actually matters.

Philosophy

#

• Code must be beautiful, elegant, simple, and correct. We don’t ship shortcuts.
• Deterministic logic over fuzzy heuristics. If a problem has a structured solution, we use it.
• Open detection rules, not a black box. You can read every Sigma rule we run.
• Guaranteed read-only. We stake our reputation on it.
• MSPs only. We focus where we’re the obvious choice.