Quick Start · Documentation · SIRP Platform
Agentic SOC Platform is an open-source security operations platform built on Agentic AI — free your security team from alert fatigue and focus on real threats.
The Module framework continuously consumes SIEM alerts, automatically extracts IOCs and correlates them — reducing millions of logs to just a handful of actionable cases.
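The pipeline described above, alerts in, IOCs out, correlated into a handful of cases, as an added illustration that is not SIRP's own Module code. Everything here is hypothetical: the alert dicts are constructed sample data, the IOC regexes cover only IPv4, SHA-256 and a few TLDs, and alerts are joined into one case when they share an IOC or a host. Alerts that carry no IOC at all are left out rather than promoted to a case.

```python
import re
from collections import defaultdict

# Constructed sample alerts (not real SIEM output); each mimics a normalized alert record.
SAMPLE_ALERTS = [
    {"id": "a1", "host": "ws-01", "rule": "Suspicious outbound connection",
     "message": "host ws-01 connected to 203.0.113.45:443"},
    {"id": "a2", "host": "ws-01", "rule": "Malware hash detected",
     "message": "file dropped sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"id": "a3", "host": "ws-02", "rule": "DNS to rare domain",
     "message": "ws-02 resolved update.example.net then connected to 203.0.113.45"},
    {"id": "a4", "host": "ws-03", "rule": "Phishing link clicked",
     "message": "user opened http://login.example.org/reset"},
    {"id": "a5", "host": "srv-07", "rule": "Noise",
     "message": "backup job completed on srv-07"},
]

# Minimal IOC patterns; a production extractor would also handle IPv6, URLs, emails, MD5/SHA-1.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:net|org|com|io)\b", re.I),
}


def extract_iocs(text):
    """Return a set of (kind, value) tuples found in free-text alert content."""
    found = set()
    for kind, pattern in IOC_PATTERNS.items():
        for match in pattern.findall(text):
            found.add((kind, match.lower()))
    return found


def correlate(alerts):
    """Group alerts that share an IOC or a host into cases using union-find."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    iocs_by_alert = {}
    key_owner = {}  # correlation key -> first alert id that carried it
    for alert in alerts:
        iocs = extract_iocs(alert["message"])
        if not iocs:
            continue  # no IOC: treated as noise, never becomes a case
        iocs_by_alert[alert["id"]] = iocs
        for key in iocs | {("host", alert["host"])}:
            if key in key_owner:
                union(key_owner[key], alert["id"])
            else:
                key_owner[key] = alert["id"]

    cases = defaultdict(lambda: {"alerts": [], "iocs": set()})
    for alert_id, iocs in iocs_by_alert.items():
        root = find(alert_id)
        cases[root]["alerts"].append(alert_id)
        cases[root]["iocs"] |= iocs
    return sorted(
        ({"alerts": sorted(c["alerts"]), "iocs": sorted(c["iocs"])} for c in cases.values()),
        key=lambda c: c["alerts"][0],
    )


if __name__ == "__main__":
    for case in correlate(SAMPLE_ALERTS):
        print(case["alerts"], "->", case["iocs"])
```

On the five constructed alerts this yields two cases: a1, a2 and a3 collapse into one (a1 and a2 share the host, a1 and a3 share the IP), a4 stands alone, and a5 is dropped. Correlating on shared hosts as well as IOCs is a deliberate choice; in a large estate a shared host can over-merge unrelated alerts, so a real implementation would weight or time-bound that key.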
LLM auto-generates structured investigation reports — verdicts, attack chains, IOCs, and remediation advice in seconds, not hours.
Playbooks support one-click execution of case investigation, knowledge extraction, and threat intelligence enrichment — let AI handle the complexity while analysts focus on decisions.
Manage ELK, Splunk and other SIEM indices through a single YAML configuration. One API to search across all backends — LLM and analysts never need to worry about the underlying differences.
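To make the "one configuration, one search API" idea concrete, here is an added sketch of such an abstraction layer. It is not SIRP's code and the configuration schema (`backends`, `type`, `url`, `indices`) is an assumption, written as the dict a YAML loader would produce so the block runs without PyYAML. The transports are injected callables so the routing and query translation can be exercised offline; a real deployment would plug in an Elasticsearch or Splunk client there.

```python
from fnmatch import fnmatch
import re

# Constructed config: the dict a YAML loader would return for a file such as
#
#   backends:
#     corp-elk:
#       type: elasticsearch
#       url: https://elk.example.internal:9200
#       indices: [firewall-*, edr-*]
#     corp-splunk:
#       type: splunk
#       url: https://splunk.example.internal:8089
#       indices: [proxy, vpn]
CONFIG = {
    "backends": {
        "corp-elk": {"type": "elasticsearch", "url": "https://elk.example.internal:9200",
                     "indices": ["firewall-*", "edr-*"]},
        "corp-splunk": {"type": "splunk", "url": "https://splunk.example.internal:8089",
                        "indices": ["proxy", "vpn"]},
    }
}

FIELD_NAME = re.compile(r"^[A-Za-z0-9_.@]+$")  # field names come from config/analysts, still validate


class ElasticsearchAdapter:
    """Translate a normalized (index, field, value, window) query into Elasticsearch DSL."""

    def build(self, index, field, value, since_hours):
        # Structured DSL: the value is a JSON string, never spliced into query text.
        return {
            "index": index,
            "body": {"query": {"bool": {"filter": [
                {"term": {field: value}},
                {"range": {"@timestamp": {"gte": f"now-{since_hours}h"}}},
            ]}}},
        }


class SplunkAdapter:
    """Translate the same normalized query into an SPL string."""

    def build(self, index, field, value, since_hours):
        # SPL is text, so an IOC value must be escaped before it is quoted;
        # otherwise an attacker-controlled artifact could widen or break the search.
        escaped = value.replace("\\", "\\\\").replace('"', '\\"')
        return f'search index={index} {field}="{escaped}" earliest=-{since_hours}h'


class UnifiedSearch:
    def __init__(self, config, transports=None):
        self.backends = config["backends"]
        self.adapters = {"elasticsearch": ElasticsearchAdapter(), "splunk": SplunkAdapter()}
        # transports: backend name -> callable(native_request) -> list of raw hits
        self.transports = transports or {}

    def route(self, index):
        """Pick the backend whose configured index patterns cover this index."""
        for name, backend in self.backends.items():
            if any(fnmatch(index, pattern) for pattern in backend["indices"]):
                return name, backend
        raise LookupError(f"no backend configured for index {index!r}")

    def build_query(self, index, field, value, since_hours=24):
        if not FIELD_NAME.match(field):
            raise ValueError(f"invalid field name {field!r}")
        name, backend = self.route(index)
        return name, self.adapters[backend["type"]].build(index, field, value, since_hours)

    def search(self, index, field, value, since_hours=24):
        """Single entry point: callers never see which backend answered."""
        name, native = self.build_query(index, field, value, since_hours)
        return [{"backend": name, "hit": hit} for hit in self.transports[name](native)]


if __name__ == "__main__":
    # Constructed in-memory transports standing in for real SIEM clients.
    fake = {
        "corp-elk": lambda req: [{"_source": {"src_ip": "203.0.113.45", "index": req["index"]}}],
        "corp-splunk": lambda spl: [{"_raw": f"matched by: {spl}"}],
    }
    api = UnifiedSearch(CONFIG, fake)
    print(api.search("firewall-2024.05", "src_ip", "203.0.113.45"))
    print(api.search("proxy", "dest_ip", "203.0.113.45", since_hours=6))
```

The point worth carrying into a real implementation is the asymmetry between the two adapters: the Elasticsearch request is a structured document, while SPL is assembled as text, so the Splunk path is where an unescaped IOC value or an unvalidated field name becomes a query-injection problem.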
When artifacts are created, threat intelligence providers are queried automatically. Reputation scores, pulse information, and malware context are attached to IOCs to accelerate analyst judgment.
Integrated with Claude Code via the MCP protocol, providing professional security agents and skills — operate cases, search logs, and write modules directly from within an AI agent.
Automatically extract reusable security knowledge from closed cases, continuously building an organizational knowledge base that makes future investigations faster and more accurate.
MIT licensed, fully on-premise deployment — your data never leaves your network. Modules, plugins, and playbooks are all plain Python scripts, so there is no technology-stack barrier to extending the platform.
Agentic SOC Platform has joined 404Starlink