All features

Mobula · Customer Working Plan

Your SOC value,
visible to
the customer.

A live, per-customer worklist and findings board the customer can actually see - white-labeled with your brand. No more "what are we paying you for?" Mobula shows the work, continuously.

Live
Real-time updates
100%
White-labeled
Per
Customer isolated
Customer Portal / Acme Corp
Security Working Plan
Updated 2 minutes ago
4
Active
11
Closed
WP-014
Ransomware staging investigation
FIN-DB-03 · contained · full report pending
Investigating
WP-013
VPN brute-force - blocked automatically
18 attempts from 185.220.x.x · all blocked
Resolved
WP-012
Kerberoasting attempt - DC-01
Service account hardening recommended
Monitoring
WP-011
Phishing email campaign - 3 users targeted
Links blocked · no credentials compromised
Resolved
01

A live worklist. Updated every shift.

Every incident, investigation, and recommendation your SOC is working on appears on the customer's working plan in real time. They see the status, the priority, the analyst assigned, and the latest update - without being able to see other customers' data.

Working Plan / Acme Corp / Full view
WP-014
InvestigatingRansomware staging - FIN-DB-03
Service account svc-backup exhibited ransomware-staging behavior at 03:14. Server isolated. Evidence collection running. Full report within 24h.
Assigned: s.okonkwo · Updated: 2 min ago · Priority: Critical
WP-012
MonitoringKerberoasting attempt - DC-01
Credential attack detected and blocked. Monitoring for further activity. Recommend service account password rotation within 48h.
Assigned: m.chen · Updated: 1h ago · Priority: High
WP-010
In ProgressSecurity hardening review - Q2 recommendations
Following last quarter's audit, implementing MFA enforcement on all admin accounts and reviewing firewall rule set for unused open ports.
Assigned: r.haddad · Updated: 3h ago · Priority: Medium
WP-009
MonitoringImpossible travel alert - m.davis account
Login from Chicago and London within 40 minutes flagged. Confirmed legitimate (travel confirmed by HR). Monitoring for further anomalies.
Assigned: p.alvarez · Updated: 6h ago · Priority: Low
WP-013
ResolvedVPN brute-force - 18 attempts blocked
All attempts originated from known Tor exit nodes. Automatically blocked by NGFW rule. No credentials compromised. Source IPs blacklisted.
Closed by: m.chen · 2026-06-23 08:41 · Priority: High
02

Security findings, explained in plain language.

Every significant finding gets a customer-facing write-up: what was found, why it matters, and what your SOC did or recommends. No jargon. No raw alert data. Just clear, actionable security intelligence.

Findings Board / Acme Corp
Critical Finding2026-06-24
Ransomware staging detected on financial database server
Last night at 03:14, our systems detected a service account attempting to stage ransomware on your financial database server FIN-DB-03. The server was isolated within 4 minutes of detection - before any files were encrypted. No data was affected.
Action: Recommendation: password rotation for all service accounts with database access within 24 hours.
Active Finding2026-06-23
Credential attack targeting your domain controller
An attacker attempted to extract service account password hashes from your primary domain controller (DC-01) using a technique called Kerberoasting. The attack was detected and blocked. No passwords were compromised.
Action: Recommendation: rotate passwords for service accounts listed in the attached report and enable audit logging on DC-01.
Resolved2026-06-21
Phishing campaign targeted 3 employees
Three employees received targeted phishing emails impersonating your CFO. The malicious links were blocked before any clicks. No credentials were entered and no malware was downloaded.
Action: Recommendation: security awareness reminder to staff about impersonation phishing.
03

Your brand. Their portal.

The customer portal is fully white-labeled. Your logo, your colors, your company name - the customer sees your brand, not Mobula's. You look like a mature, enterprise-grade security operation from day one.

CyRay SecurityCustomer Portal
Security Working Plan
Active: 4 · Resolved: 11
11 / 15 items resolved this month
ShieldOps MDRCustomer Portal
Security Working Plan
Active: 2 · Resolved: 7
11 / 15 items resolved this month
What you can white-label
Company logoBrand colorsPortal domainEmail notificationsMonthly report headerCustomer-facing report PDFs
04

A monthly summary that answers "was it worth it?"

At the end of every month, Mobula generates a customer-facing digest: threats blocked, incidents worked, response times, and recommendations for next month. The customer gets proof of value on a schedule.

Monthly Digest / Acme Corp - June 2026
1,247
Threats blocked
15
Incidents investigated
4m 12s
Avg response time
This month at a glance
Critical incidents2
High severity5
False positives tuned32
Playbooks executed18
SLA compliance100%
Customer messages sent9
Open recommendations3
Next month priorities
1. Complete service account password rotation (from WP-012)
2. Enable MFA on all remaining admin accounts
3. Firewall rule review - 14 unused rules identified

Live portal · white-labeled · monthly digest

Turn your SOC work into
customer confidence.

When customers can see the work, they stop asking if it's worth it. Mobula gives you a professional, always-on window into your security operations - branded as yours, visible on their schedule.

Book a POCSee all features
Mobula SOAR · per-customer isolation · white-label ready