Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
-
Updated
Jul 18, 2026 - Python
Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
Intelligent SOC automation framework powered by LangGraph multi-agent workflows for alert triage, correlation, and incident response
n8n workflow that pipes Wazuh SIEM alerts through Claude Haiku for AI triage. ~$0.001 per alert. Slack output with risk assessment + investigation commands.
SOC子引擎,基于agent-skills技术通过AI赋能SOC平台,对SOC告警进行研判、调查、响应。
ML-based SOC alert triage system using Random Forest to auto-classify alerts as True/False Positive — reducing analyst workload with real-time confidence scoring and live dashboard.
SOC analyst training platform for Wazuh — injects labeled attacks into a live manager; trainees triage in the real dashboard; auto-graded. Scripted virtual-endpoint lab included.
Hands-on cybersecurity portfolio featuring GRC, SOC/SIEM, Incident Response, and Automation projects. Includes risk assessments, Splunk log analysis, IR playbooks, and a full enterprise capstone case study.
AML triage prototype - This is a small Python prototype demonstrating how transaction monitoring alerts can be risk-scored and summarised for investigator review.
Hands-on SOC Analyst lab portfolio — alert triage, reporting, escalation, and workbook-driven investigations (30-day project)
SentinelForge: Autonomous SOC analyst platform with AI agents for alert triage, log correlation, threat hunting, and incident response.
OpsPilot Discord-native AI on-call team that triages alerts, creates safe PRs, and manages incidents automatically.
Our reusable, modifiable prompts and simple agents that are included within the Arcanna platform and invokable via Arcanna's AI Assistant
Event-driven, read-only AI agent that triages AWS GuardDuty findings on Amazon Bedrock and forwards verdicts to your SIEM.
SOC / DFIR investigations portfolio with hands-on lab cases covering SIEM alert triage, Phishing Analysis, Malware analysis, Endpoint detection, Network Analysis. Built to demonstrate practical SOC Analyst L1/L2 and DFIR skills.
SOAR alert triage automation — n8n + 5 threat intel APIs, composite risk scoring, MITRE ATT&CK mapping. Auto-triages phishing and IP/URL alerts.
SOC alert investigations, SIEM practice labs, and incident analysis exercises completed on LetsDefend.
SOC incident response simulation demonstrating alert triage, investigation steps, and incident documentation.
Splunk-based TryHackMe write-up covering alert triage, brute-force analysis, scheduled task persistence, and web shell investigation.
Python CLI that ingests alerts from CSV, Splunk, or Elasticsearch; enriches source IPs via VirusTotal and Shodan; scores priority with a 6-factor weighted model; detects correlated incidents and MITRE ATT&CK kill chains; and generates a self-contained HTML analyst report.
Add a description, image, and links to the alert-triage topic page so that developers can more easily learn about it.
To associate your repository with the alert-triage topic, visit your repo's landing page and select "manage topics."