One common
operational picture
across cyber and physical.
We integrate drones, CCTV, sensors, and SOC detections into the TAK ecosystem — ATAK, WinTAK, iTAK, and WebTAK — so disaster response, border, and critical-infrastructure teams operate from a single live map. Built by the team behind simpliSOC.
What we build across the TAK stack
From the server core out to every device on the edge. We work with the open TAK protocol (CoT) and the official TAK Product Center clients — no proprietary lock-in.
TAK Server
Core · FederationDeployment, certificate authority setup, federation with partner servers, group-based access control, mission packages, and high-availability hardening for on-prem or sovereign cloud.
- Provisioning, CA, and client enrollment
- Federation across agencies and partners
- Mission packages, data sync, video routing
- Sovereign on-prem or air-gapped deployment
CoT Bridges
Custom · Python · GoThe connective tissue. We translate proprietary feeds — drone telemetry, RTSP video, NVR events, ANPR cameras, AIS, ADS-B, SCADA alarms — into signed CoT messages and forward them to TAK Server.
- Drone & UAV telemetry → live track on map
- CCTV / NVR analytics → CoT alerts with thumbnails
- AIS, ADS-B, GPS trackers → asset tracking
- SCADA / fence sensors / IoT → CoT events
ATAK / WinTAK Plugins
Android · Windows · iOSNative plugins for ATAK (Android), WinTAK (Windows ops centers), iTAK (iOS), and WebTAK. We add custom map layers, overlays, video tiles, mission-specific dialogs, and team workflows tailored to your standard operating procedures.
- Custom ATAK plugins (Java / Kotlin)
- WinTAK extensions (.NET) for command centers
- Local map caches & SEA tile services
- Custom data products & mission overlays
SOC × TAK Convergence
Wazuh · IRIS · ShuffleOur signature. Cyber detections from Wazuh become geolocated CoT events in ATAK; physical incidents observed in TAK push back into IRIS as cases. One operating picture for the SOC analyst, the operations director, and the team on the ground.
- Wazuh alerts → CoT events on the map
- TAK incidents → IRIS cases with full geo context
- Shuffle playbooks bridge the cyber-physical divide
- Same engineering team that ships simpliSOC
From sensor packet to operator's screen
A standards-based pipeline you can audit, federate, and extend — not a black box. Every link uses open protocols: CoT over TLS, REST, MQTT, or WebSocket.
Sense
Drone telemetry, RTSP video, AIS, ADS-B, GPS trackers, fence and perimeter sensors, NVR alerts, ANPR cameras, SCADA alarms.
Translate
A FastAPI / Python or Go CoT bridge normalizes each feed into signed Cursor on Target messages, then forwards them to TAK Server over TCP/TLS.
Route
TAK Server authenticates clients via certificates, places them into mission groups, federates with partner servers, and distributes CoT to only the teams that need to see it.
Act
Field teams see tracks, alerts, and overlays in ATAK / iTAK; the ops center coordinates in WinTAK or WebTAK; commanders annotate, route, and dispatch — all on the same live map.
Component flow in detail
How edge sensors, the CoT bridge, TAK Server, clients, and the SOC stack connect — and where the cyber-physical bridge sits.
vendor → CoT XML"]:::bridge SIGN["Sign + enrich
(callsign, group, type)"]:::bridge FWD["TCP/TLS forwarder
to TAK Server"]:::bridge end TS["TAK Server
auth · groups · federation"]:::tak subgraph C["TAK clients"] direction TB ATAK[ATAK · Android]:::client WT[WinTAK · Windows]:::client IT[iTAK · iOS]:::client WB[WebTAK · Browser]:::client end subgraph SOC["SOC stack (simpliSOC)"] direction TB WZ["Wazuh
detections"]:::soc IR["IRIS
case mgmt"]:::soc SH["Shuffle
SOAR"]:::soc end DR --> NORM CCTV --> NORM GPS --> NORM IOT --> NORM NORM --> SIGN --> FWD FWD -->|CoT/TLS| TS TS -->|CoT/TLS| ATAK TS -->|CoT/TLS| WT TS -->|CoT/TLS| IT TS -->|WebSocket| WB WZ -->|alert → CoT| SIGN TS -->|CoT → case| IR SH <-->|playbooks| TS
TAK for the missions we actually see in SEA
We're based in Bangkok. These are the operational pictures we've designed for in the region — disaster response, border, energy, maritime, and estate security.
Disaster response (DDPM-style)
Flood, earthquake, and wildfire response across multiple provinces. Drone overflights, vehicle tracking, evacuation zones, shelter locations — federated to inter-agency partners on a shared map.
Border & jungle operations (BPP-style)
Patrol track-of-interest, fence-breach sensors, ANPR at checkpoints, off-grid radio relays. TAK on rugged Android devices with cached offline maps for terrain with no cellular coverage.
Critical infrastructure (EGAT / PTT-style)
Power transmission, pipelines, substations. Fence sensors, perimeter CCTV with analytics, drone inspections, and SCADA alarm overlays — fused with simpliSOC cyber events on a unified map.
Maritime & Gulf operations
Offshore rigs, supply vessels, harbor security. AIS ingestion, coastguard coordination, weather overlays, dark-vessel detection — pushed to vessel bridges and shore ops simultaneously.
Plantation & estate security
Palm, rubber, and sugar estates across SEA. Patrol vehicle tracks, anti-theft CCTV alerts, fire-detection drones, and worker safety check-ins on a single estate-wide command picture.
Search & Rescue (SAR)
Mountain and maritime SAR. Searcher tracks, search-pattern overlays, drone scan tiles, last-known-position markers, and team-to-team coordination across volunteer and government units.
Don't see your mission?
Scoping calls freeTAK is mission-agnostic. If you have field teams, sensors, and a coordinator who needs a live picture, we can almost certainly help. Tell us the geography, the constraints, and what "good" looks like — we'll come back with a thin-slice integration plan.
The cyber-physical command picture nobody is shipping
Most TAK integrators stop at drones, video, and tracking. Most SOC vendors stop at log files. Cyber and physical security teams sit in different rooms, looking at different screens, missing the same incident.
We connect them. A Wazuh detection — say, an authentication brute-force on a substation HMI — becomes a CoT event pinned to the substation on the ATAK map, visible to the response team in real time. A TAK-observed perimeter breach becomes an IRIS case with the camera, the drone scan, and the GPS track already attached.
It's the same engineering team that builds and operates simpliSOC. That's not a marketing claim — it's the reason the bridge works.
Talk to us about a converged command pictureA Wazuh rule fires on an OT network. The SOC integrator publishes a CoT event with location, severity, and asset context. ATAK shows a flashing marker exactly where the incident lives in the real world.
A field analyst pins an incident in ATAK. A bridge listener writes it to IRIS as a case with geo, video frames, and on-scene team callsigns attached — and Shuffle kicks off the notification playbook.
How we work with you
Readiness assessment
2-week engagement. We audit your existing sensors, networks, command rooms, and procurement constraints, then deliver a TAK adoption plan with realistic effort, cost, and risk estimates.
Bridge build
Fixed-scope delivery of a CoT bridge for one or more sensor types. Source available, full handover, plus a Wazuh-style runbook so your team can extend it without us.
Plugin engineering
ATAK / WinTAK plugins for mission-specific workflows. Custom dialogs, overlays, video tiles, offline map regions for your AO — everything signed and packaged for your TAK Server's app store.
SOC × TAK convergence
Two-way bridge between simpliSOC (Wazuh / IRIS / Shuffle) and your TAK Server. Cyber detections become geolocated CoT; physical incidents become IRIS cases with full context. Our signature offering.
Sovereign hosting
On-prem or sovereign-cloud TAK Server deployments with mTLS, federation, and HA. Air-gapped variants for sites with no internet. No data ever leaves your jurisdiction.
Operate & train
Managed-service operations and training for your dispatchers, field teams, and admins. We can run the server, monitor the bridges, and rotate certificates while your team focuses on the mission.
Writing about what we ship
The TAK explainer that brought you here, plus the SOC engineering posts behind the convergence story.
How the TAK System Works: A Complete Guide for Real-Time Situational Awareness
The full primer — what TAK is, what CoT does, how the server federates, and where ATAK / WinTAK / iTAK fit. The starting point for anyone evaluating the ecosystem.
Connecting TAK and Wazuh for Real-Time Threat Awareness
Our flagship engineering write-up. How cyber detections from Wazuh land as CoT events on the ATAK map — the technical pattern behind every SOC × TAK engagement we run.
How TAK Systems Are Transforming Border Security
Patrol track-of-interest, fence-breach sensors, ANPR at checkpoints, off-grid radio relays — what a TAK-based border picture actually looks like in practice.
How TAK Systems Transform Flood Disaster Response
Multi-agency flood response on a shared map: drone overflights, evacuation zones, shelter locations, and inter-agency federation. A DDPM-style operational picture.
Book a 30-minute scoping call
Tell us about your sensors, your teams, and the operational picture you wish you had. We'll come back with a thin-slice integration plan — no slideware, no boilerplate.
EN · TH · JA · ZH · KO welcome. Initial scoping calls are free; engagements scoped only after we understand the mission.