34 results for “topic:soc-automation”
A modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, builds RAG-based behavioral memory, and validates real-time anomalies using LLMs.
Find relevant incidents, logs, events, and alerts for all of your incidents. [Attack Flows, Attack Chains, & Root Cause Discovery - NO LLMs, NO Queries, Just Explainable Machine Learning] >> Use it for free here: https://app.cypienta.io
ICS Incident Response Automation Framework: a Python framework for executing automated incident response playbooks in ICS/SCADA environments. Supports network isolation, forensic preservation, logic restoration, and safety system interventions. Designed for defenders, researchers, and red team simulations in operational technology networks.
CABTA (Blue Team Assistant) - AI-Powered SOC Platform for Threat Analysis, IOC Investigation & Email Forensics
Blackhat 2025 presentation and codebase: AI SOC agent & MCP server for automated security investigation, alert triage, and incident response. Integrates with ELK, IRIS, and other platforms.
Autonomous agentic threat hunting playbook executor for SOC/DFIR pros. Runs YAML playbooks against forensic logs with local LLMs (Ollama) for intelligent correlation, triage, ATT&CK mapping, and automated reporting. Offline-first, DuckDB-powered.
Building one solution for threat management and detection for your network with an open-source SOC solution.
🛡️ Explore hands-on cybersecurity projects designed for learning and experimentation with offensive and defensive tools, automation scripts, and real-world tactics.
ALX System Engineering & DevOps portfolio with cybersecurity enhancements. Bash automation for log analysis, system hardening, incident response, zero-trust SSH, compliance auditing (CIS/NIST), threat hunting, and DevSecOps pipelines. Proven SOC analyst toolkit – built on Ubuntu 20.04.
AI-powered SIEM alert triage assistant for SOC analysts: classifies, prioritizes, and recommends response actions.
AI-powered security alert triage system with multi-source threat intelligence, intelligent caching, and REST API for SIEM/SOAR integration
🛡️ CyberSentinel – Threat Intel + Log Correlation Dashboard. An analyst-grade security tool that ingests threat intelligence, parses SSH/Apache logs, correlates IOCs, and generates real-time alerts.
Open-source SOC system that monitors your Linux server in real-time, automatically detects and blocks threats using Groq AI and Telegram Bot integration.
Enterprise-style SOC Detection & Response lab built using Wazuh SIEM, featuring MITRE ATT&CK aligned detections, alert triage, and evidence-based investigations across Windows and Linux endpoints.
Autonomous AI SOAR platform. Utilizes Llama-3 Agentic Reasoning, PII Redaction, and Policy RAG for real-time, zero-touch security incident triage and automated host containment.
An extensible IOC extraction engine for PE binaries and text, built for SOC automation and modern threat-analysis pipelines.
Master n8n workflow automation from beginner to expert level. 90-day structured learning path with real security use cases, sample workflows, and hands-on projects for Network Security Engineers and SOC teams. Build SOAR-like systems using n8n.
Security Operations suite
A machine learning framework for triaging security alerts and reducing SOC analyst fatigue.
AI-powered SOC automation tool that analyzes security logs with LLMs and triggers automated incident response actions.
A privacy-first, local AI assistant for SOC analysts and threat hunters. Features a RAG-based chat using the MITRE ATT&CK dataset, automated PDF threat report summarization, and IoC extraction. Powered by local LLMs (Phi-3/LLaMA 3 via Ollama) to ensure no data leaves your device.
SOC automation template: alert ingest → LLM triage → ATT&CK mapping → playbook selection → HITL approval
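The pipeline shape named above (alert ingest, triage, ATT&CK mapping, playbook selection, human-in-the-loop approval) is the part of these projects a practitioner most needs to get right, because the triage step emits untrusted model output that can otherwise drive a containment action. The block below is an added illustration, not code from the template or from any project listed here. It replaces the LLM triage with a deterministic rule-based scorer so it runs offline, and all alert JSON, technique allowlist entries, playbook names and host/IP values are constructed for the example. It shows two controls: model output is only accepted if it maps to an allowlisted ATT&CK technique with a pre-approved playbook (anything else falls through to manual review), and no playbook executes without an approval record.

```python
"""Minimal SOC automation pipeline with a human-in-the-loop (HITL) gate.
Added example: the LLM triage step is stood in for by simple rules so the
code runs offline; sample alerts and playbook names are constructed."""
from __future__ import annotations

import json
from dataclasses import dataclass, replace

# Allowlist of ATT&CK techniques this pipeline is permitted to act on.
# A mapping outside this set is never trusted, even if the triage step returns it.
ALLOWED_TECHNIQUES = {
    "T1110": "Brute Force",
    "T1059": "Command and Scripting Interpreter",
    "T1486": "Data Encrypted for Impact",
}

# Pre-approved playbooks keyed by technique (constructed names). The triage
# step selects from these; it cannot name an arbitrary action.
PLAYBOOKS = {
    "T1110": "block_source_ip",
    "T1059": "isolate_host",
    "T1486": "isolate_host_and_snapshot",
}
MANUAL_REVIEW = "manual_review"

# Constructed alerts in the JSON shape the ingest step expects.
SAMPLE_ALERTS = [
    '{"id":"a-1","rule":"SSH authentication failures exceeded threshold","src_ip":"203.0.113.5","host":"bastion-1"}',
    '{"id":"a-2","rule":"Encoded command passed to PowerShell","src_ip":"10.0.0.8","host":"ws-17"}',
    '{"id":"a-3","rule":"Unusual DNS volume","src_ip":"10.0.0.9","host":"ws-22"}',
]


@dataclass(frozen=True)
class Triage:
    alert_id: str
    severity: str
    technique: str      # allowlisted ID, or "unmapped"
    playbook: str
    approved_by: str | None = None


def ingest(raw: str) -> dict:
    """Parse one alert and reject records missing the fields later steps rely on."""
    alert = json.loads(raw)
    missing = [k for k in ("id", "rule", "src_ip", "host") if k not in alert]
    if missing:
        raise ValueError(f"alert missing fields: {missing}")
    return alert


def suggest(alert: dict) -> tuple[str, str]:
    """Stand-in for the LLM triage step: returns (technique, severity) that
    the pipeline treats as untrusted. The last branch deliberately returns a
    bogus ID to show the validation step catching it."""
    rule = alert["rule"].lower()
    if "ssh" in rule and "fail" in rule:
        return "T1110", "medium"
    if "powershell" in rule or "encoded command" in rule:
        return "T1059", "high"
    if "ransom" in rule:
        return "T1486", "critical"
    return "T9999", "low"


def triage(alert: dict) -> Triage:
    """Validate the suggestion against the allowlists before it can drive a playbook."""
    technique, severity = suggest(alert)
    if technique not in ALLOWED_TECHNIQUES or technique not in PLAYBOOKS:
        # Unknown or unapproved mapping: route to an analyst, take no automated action.
        return Triage(alert["id"], severity, "unmapped", MANUAL_REVIEW)
    return Triage(alert["id"], severity, technique, PLAYBOOKS[technique])


def approve(t: Triage, analyst: str) -> Triage:
    """The HITL step: record who approved the selected playbook."""
    return replace(t, approved_by=analyst)


def execute(t: Triage) -> str:
    """Gate: refuse to run anything that lacks an approval record."""
    if not t.approved_by:
        raise PermissionError(f"HITL gate: {t.playbook} for {t.alert_id} is not approved")
    # In a real deployment this is where the SOAR action would be invoked.
    return f"{t.playbook} executed for {t.alert_id} (approved by {t.approved_by})"


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        t = triage(ingest(line))
        print(t)
        try:
            execute(t)
        except PermissionError as e:
            print("blocked:", e)
        print(execute(approve(t, "analyst-1")))
```

The point of the `suggest`/`triage` split is that the model (or rule) only proposes; the allowlist decides, and an unrecognised proposal degrades to manual review rather than to a guessed action. The approval record is carried on the triage object so the gate in `execute` cannot be bypassed by calling it directly.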
SentinelForge is an autonomous AI-powered security platform providing real-time detection and response for advanced cyber threats. It features an AI SOC supervisor, ransomware protection, and network forensics to ensure robust, automated security.
🛡️ High-fidelity SOC Automation POC. Integrates Wazuh SIEM with Telegram ChatOps for real-time threat detection, enrichment (AbuseIPDB), and Active Response (A.P.I Concept).
Secure Bash automation tool for SOC and sysadmin updates on Ubuntu and Pop!_OS. Enforces hardening, logging, and compliance.
Comprehensive Threat Hunting & DFIR Toolkit for Windows/Linux. Automates artifact collection, triage, and analysis with KAPE, Hayabusa, and Volatility.
SOC automation pipeline using Shuffle SOAR and TheHive. Splunk detects threats and automatically triggers Shuffle via webhook for alert triage.
Real-time malware detection and automated remediation using Wazuh SIEM, VirusTotal API, and custom PowerShell scripts.
PurpleLens is a Python-based AI-assisted SOC analysis tool that ingests security artifacts and produces structured, evidence-backed analyst reports.