A modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, builds RAG-based behavioral memory, and validates real-time anomalies using LLMs.

Find relevant incidents, logs, events, and alerts to all of your incidents. [Attack Flows, Attack Chains, & Root Cause Discovery - NO LLMs, NO Queries, Just Explainable Machine Learning] >> Use it for free here: https://app.cypienta.io

CABTA (Blue Team Assistant) - AI-Powered SOC Platform for Threat Analysis, IOC Investigation & Email Forensics

Blackhat 2025 presentation and codebase: AI SOC agent & MCP server for automated security investigation, alert triage, and incident response. Integrates with ELK, IRIS, and other platforms.

Autonomous AI Security Operations — 35 agents replacing $300K/year SOC teams for $50/year

Agentic memory for CTI: STIX knowledge graphs, threat actor alias resolution, offline-first RAG — MCP server for Claude Code

ICS Incident Response Automation Framework Python framework for executing automated incident response playbooks in ICS/SCADA environments. Supports network isolation, forensic preservation, logic restoration, and safety system interventions. Designed for defenders, researchers, and red team simulations in operational technology networks.

An extensible IOC extraction engine for PE binaries and text, built for SOC automation and modern threat‑analysis pipelines.

Autonomous agentic threat hunting playbook executor for SOC/DFIR pros. Runs YAML playbooks against forensic logs with local LLMs (Ollama) for intelligent correlation, triage, ATT&CK mapping, and automated reporting. Offline-first, DuckDB-powered.

Building one Solution for Threat management and detection for you network with Open source SOC solution.

ALX System Engineering & DevOps portfolio with cybersecurity enhancements. Bash automation for log analysis, system hardening, incident response, zero-trust SSH, compliance auditing (CIS/NIST), threat hunting, and DevSecOps pipelines. Proven SOC analyst toolkit – built on Ubuntu 20.04.

Rust stream processing engine for real-time detection. Open-source Apache Flink alternative built for detection engineering, fraud prevention, and MITRE ATT&CK coverage. 1.5M events/sec, single 15MB binary, no JVM.

🛡️ CyberSentinel – Threat Intel + Log Correlation Dashboard. An analyst-grade security tool that ingests threat intelligence, parses SSH/Apache logs, correlates IOCs, and generates real-time alerts.

AI-powered security alert triage system with multi-source threat intelligence, intelligent caching, and REST API for SIEM/SOAR integration

Open-source SOC system that monitors your Linux server in real-time, automatically detects and blocks threats using Groq AI and Telegram Bot integration.

Enterprise-style SOC Detection & Response lab built using Wazuh SIEM, featuring MITRE ATT&CK aligned detections, alert triage, and evidence-based investigations across Windows and Linux endpoints.

🛡️ Artemis: A high-fidelity OpenEnv benchmark for evaluating AI agents in realistic SOC triage and cybersecurity incident response scenarios.

Autonomous AI SOAR platform. Utilizes Llama-3 Agentic Reasoning, PII Redaction, and Policy RAG for real-time, zero-touch security incident triage and automated host containment.

Master n8n workflow automation from beginner to expert level. 90-day structured learning path with real security use cases, sample workflows, and hands-on projects for Network Security Engineers and SOC teams. Build SOAR-like systems using n8n.