Hoplite Active Network Defense is a SIEM/SOAR platform designed for threat detection, automated response, and compliance visibility across on-premises, cloud, and hybrid cloud environments. The platform supports Amazon Web Services, Microsoft Azure, and other public cloud providers. The system uses a modular, scalable two-tier architecture with intelligent sensors that collect and normalize data from various environments. These sensors deploy natively into physical, virtual, and cloud infrastructures to monitor networks, collect logs, and gather information about deployed assets. Active Network Defense receives continuous updates from the Hoplite Threat Intelligence Platform, which delivers over 1 million threat indicators daily. The platform uses patented threat detection algorithms and AI to analyze raw network traffic and application event data. The platform includes centralized cloud security management, correlation, analysis, security automation, alerting, log management, and reporting capabilities. Sensors are available for multiple environments including AWS (with CloudTrail, S3, and ELB log monitoring), Microsoft Azure (with Azure Insights and EventHub integrations), Microsoft Hyper-V, VMWare ESXi, and physical infrastructure. The platform provides AWS-native intrusion detection and vulnerability assessment, along with network and host IDS monitoring for on-premises environments. Sensors can be configured to handle over 10,000 events per second and can be deployed in-band or out-of-band.