Open-source MIT self-hostable
AiSOC is the open agentic Security Operations Center. Four named agents investigate every incident end-to-end, and every prompt, tool call, and rationale lands in a replayable ledger. Self-host in five minutes, take it air-gapped on a flag, or join the managed waitlist.
Watch a 90-second investigation
- 69 connectors · EDR · SIEM · cloud · IAM · SaaS · VCS · network
- 6,998 detections · 62 playbook packs · 57 plugins
- Self-host · Render · Fly.io · Helm · Terraform · air-gap
Built on the open-source stack you already trust
Design partners
- Partner A
- Partner B
- Partner C
- Partner D
Reference partners onboarding through Q2 2026
Why we built this
Your SOC is drowning in alerts.
Three problems compound every shift. AiSOC was built to dissolve them, not paper over them.
Alert volume is up. Headcount is not.
A typical mid-market SOC sees more alerts in a single shift than an analyst can read end-to-end, and the AI tools that promise to triage them ship as black boxes you cannot audit.
Context lives in eight tabs.
SIEM, EDR, cloud console, ticketing, chat, identity provider, on-call, runbook. Every alert is the same context-switch tax.
You cannot defend a verdict you cannot read.
When an autonomous tool closes an alert, your analyst, your manager, and your auditor all need to know exactly why. Most vendors do not show the rationale.
Four agents, one workflow
One agent for each stage of an incident.
AiSOC ships exactly four named agents — Detect, Triage, Hunt, and Respond. Each one has a fixed job, a published capability list, and a replayable audit trail. Sub-agents (phishing, identity, cloud, insider) are capabilities of Triage, never separate brands.
Detect
Fuse raw signals into incidents.
- Capabilities
- fusion · entity-risk (RBA) · native detections
- Runs on
- Deterministic · no LLM required
Triage
Decide what matters and how urgent.
- Capabilities
- LLM auto-triage · phishing · identity · cloud · insider
- Runs on
- OpenAI · Anthropic · Azure · Bedrock · Ollama · BYO endpoint
Hunt
Ask new questions across the data.
- Capabilities
- NL → ES|QL · KQL · SPL · scheduled YAML hunts
- Runs on
- Cloud LLM or local model
Respond
Plan containment, gate execution, approve via ChatOps.
- Capabilities
- response planner · SOAR exec · approvals
- Runs on
- L0–L4 maturity dial, dry-run by default
See it work
Watch AiSOC investigate a live ransomware incident.
INC-RT-001 is a LockBit 3.0 case that ships with every install. The ledger streams every prompt, tool call, and decision the agent made. Scrub the timeline, pause on any step, fork the rationale into a ticket.
aisoc.dev/cases/INC-RT-001?tab=ledger
Live
- #11 Detect: fuse_signals(host=WS-RT-014) → 4 alerts → INC-RT-001
- #12 Triage: classify(family="LockBit 3.0") → confidence 0.93
- #13 Triage: enrich(user=oliver.tan, asset=WS-RT-014) → priv=admin · last login 03:21
- #14 Hunt: kql("SecurityEvent EventID=4688 …") → 38 process events · 7 lateral
- #15 Respond: plan(containment, dry_run=true) → pending L2 approval
What makes AiSOC different
Four promises we hold ourselves to.
Open source and transparent
MIT-licensed agent, public detection corpus, reproducible benchmark — every claim on this page maps to a file in the repo.
Read the LICENSE
6,998 public detection rules
Graph-native at ingest
The entity graph is written while events are normalised, not when an analyst clicks "show graph." Schema v1.0 is published.
Read the graph schema
17 node labels · 14 relationships
Agentic and auditable
Four named agents. Every prompt, tool call, and decision is logged. The LLM-input contract fails closed on malformed prompts.
Read the agent contract
4 agents · 100% audited
Deploy anywhere
Render, Fly.io, Kubernetes, AWS, your air-gapped rack — same code path. BYOK LLM credentials in the encrypted vault.
Read the deployment guide
6 deploy targets · 1 air-gap overlay
Feature deep-dive
Detect & investigate
Fusion engine.
Real-time dedup, ML scoring, per-alert confidence.
Entity-risk rollup (RBA).
Time-decayed risk per user, host, IP, domain — 50:1 alert-to-incident.
Native detections.
6,998 YAML rules across cloud, endpoint, identity, network, application, and data-exfil.
Investigation Ledger.
Replayable, step-by-step record of every agent decision per case.
Attack-chain timeline.
Cytoscape over the Neo4j subgraph — see the path, not just the alerts.
Effective permissions.
What a principal can actually do across AWS, Azure, GCP, Okta, Google Workspace.
Hunt & respond
NL hunt at /hunt.
Ask in English. Get ES|QL, KQL, and SPL back.
Hunt-as-Code (YAML).
Hypothesis-driven, MITRE-tagged hunts on a cron.
Response planner.
Containment → eradication → recovery, dry-run by default.
ChatOps approvals.
Slack Block Kit + Teams Adaptive Cards, HMAC signed.
L0–L4 maturity dial.
One per-tenant setting governs every action class. Auditable.
SOAR exec.
Blast-radius gated playbook execution with full rollback.
Operate at scale
69 click-and-connect connectors.
EDR · SIEM · cloud · IAM · SaaS · VCS · network.
Marketplace.
7,117 community items — detections, playbooks, plugins.
Plugin SDKs.
Python, TypeScript, Go — build a connector in 50 lines.
MCP server.
Use AiSOC from Claude, Cursor, Continue, Cody — 11 tools.
Cursor extension.
Investigate alerts without leaving your editor.
Cost telemetry.
Per-call tokens and USD captured in the run ledger.
Plug in everything
69 connectors. 6,998 detections. 62 playbook packs.
Every connector renders a schema-driven form, encrypts its secrets at the application layer, and starts polling on a per-instance schedule. When the catalogue doesn't have what you need, write your own — the plugin SDKs are MIT and the marketplace ships your manifest on the next index build.
- EDR
- SIEM
- Cloud
- IAM
- SaaS
- VCS
- Network
A small sample
Write a connector in 50 lines.
Each connector is a Python class that declares a schema, tests its credentials, polls on a schedule, and normalises events into OCSF. The plugin SDKs ship for Python, TypeScript, and Go.
Read the connector SDK

```python
from app.connectors.base import BaseConnector, ConnectorSchema, Field


class MyConnector(BaseConnector):
    # Identifier and category shown in the connector catalogue.
    connector_id = "my-saas"
    connector_category = "saas"

    @classmethod
    def schema(cls) -> ConnectorSchema:
        # The schema drives the setup form; fields marked secret are
        # encrypted at the application layer before they are stored.
        return ConnectorSchema(
            name=cls.connector_id,
            label="My SaaS",
            category=cls.connector_category,
            fields=[
                Field("api_url", "text", required=True),
                Field("api_token", "secret", required=True, secret=True),
            ],
            default_poll_interval_seconds=300,  # poll every five minutes
        )
```

Reproducible by anyone
Benchmarked, not vibes.
Five pytest suites gate every PR. 200 synthetic incidents drawn from 55 templates plus a 361-event telemetry corpus across 14 log sources. Per-template macros catch the regression the per-case mean hides. Every figure is labelled — substrate (gated per-PR) or wet-eval (weekly job).
0.0%
MITRE-tactic accuracy · substrate · per-case
Sub-minute p50
End-to-end investigation latency · wet-eval target
0 ms
Full substrate suite runtime on a laptop
Run AiSOC where your data is allowed to live
Three deploy paths. Same code.
Managed
- Time to live
- Same day — once seats open
- LLM
- Cloud APIs · BYO endpoint
- Residency
- EU · US · India
We host it. You log in. SOC 2 and GDPR are on the roadmap. Join the waitlist for early access.
Join the waitlist
- Recommended
Self-host
- Time to live
- Five minutes (warm Docker)
- LLM
- Cloud APIs · local Ollama · BYO
- Residency
- Operator-defined
Render one-click, Docker Compose, Fly.io, Helm, AWS Terraform — pick any. The slim demo stack ships pre-seeded with a LockBit case mid-investigation.
Self-host on GitHub
Sovereign / air-gap
- Time to live
- An afternoon
- LLM
- Local Ollama · BYO LiteLLM
- Residency
- Operator-defined
Set AISOC_AIRGAPPED=true and the platform refuses every outbound call. The Ollama sidecar ships a pinned local model so the demo seed runs end-to-end with zero external calls.
Read the air-gap guide
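The fail-closed behaviour described for AISOC_AIRGAPPED above (and repeated in the FAQ below) can be modelled as an egress guard that every outbound HTTP call passes through. This is an added example, not AiSOC's own code: only the AISOC_AIRGAPPED variable comes from the page; the AISOC_AIRGAP_ALLOW_HOSTS variable, the function names, and the in-cluster host name "ollama" are assumptions.

```python
"""Egress guard: refuse every outbound call when AISOC_AIRGAPPED is set.

Added example (not AiSOC's code). In air-gapped mode only loopback
addresses and hosts explicitly listed in AISOC_AIRGAP_ALLOW_HOSTS
(assumed name, comma-separated; e.g. the in-cluster Ollama sidecar)
are reachable. Any unrecognised flag value is treated as air-gapped.
"""
import ipaddress
from urllib.parse import urlsplit

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off"}


class EgressRefused(RuntimeError):
    """Raised when a request is blocked by the air-gap policy."""


def airgapped(env: dict) -> bool:
    """Parse AISOC_AIRGAPPED; unset means connected, garbage fails closed."""
    val = env.get("AISOC_AIRGAPPED", "false").strip().lower()
    if val in _TRUE:
        return True
    if val in _FALSE:
        return False
    return True  # fail closed on an unparseable value


def _is_loopback(host: str) -> bool:
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # arbitrary hostnames are not trusted without an allowlist


def outbound_allowed(url: str, env: dict) -> bool:
    """True if the platform may issue this request under the given env."""
    if not airgapped(env):
        return True
    parts = urlsplit(url)
    if parts.scheme not in {"http", "https"}:
        return False
    host = (parts.hostname or "").lower()
    allow = {h.strip().lower() for h in env.get("AISOC_AIRGAP_ALLOW_HOSTS", "").split(",") if h.strip()}
    return host in allow or _is_loopback(host)


def guarded_post(url: str, payload: dict, env: dict, sender):
    """Wrap an HTTP client: `sender(url, payload)` runs only if the guard passes."""
    if not outbound_allowed(url, env):
        raise EgressRefused(f"air-gap policy refused outbound call to {url}")
    return sender(url, payload)
```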
MIT all the way down
Every detection rule public. Every benchmark reproducible.
Fork the agent, fork the rules, fork the harness. We measure ourselves on the same metrics we publish, and we ship the dataset that produced them. There is no private fork.
beenuar / AiSOC
★ 2.3k · MIT · TypeScript / Python / Go
Clone, demo, and inspect a live case in three commands:
```shell
git clone https://github.com/beenuar/AiSOC.git
cd AiSOC
pnpm aisoc:demo
```

From the people running it
What teams say after their first month.
Be the first reference team.
We are onboarding reference partners through Q2 2026. If your team ships AiSOC into production, we will publish your case study under your byline, with the before/after metrics you choose.
Become a reference partner
Pricing
Free to self-host. Pay only when we host.
Community
Free
Self-host the full stack.
- MIT-licensed code
- All 69 connectors
- Marketplace
- Public benchmark harness
- Community Discord
Team
Most asked for
Waitlist
We run it. You log in.
- Everything in Community
- Managed instance on app.aisoc.dev
- BYOK LLM
- Email support
- SOC 2 (in progress)
Enterprise
Contact us
Sovereign, air-gap, or single-tenant in your VPC.
- Everything in Team
- Sovereign / air-gap deploy
- Named onboarding
- Architecture review
- 24×7 incident channel
Questions, asked honestly
Frequently asked.
- Yes — the agent, the connectors, the detection rules, the benchmark dataset, and every piece of infrastructure code are MIT-licensed. There is no private fork.
- By default the Triage and Hunt agents call an LLM provider you configure (OpenAI, Anthropic, Azure, Bedrock, or a private LiteLLM gateway). Set AISOC_AIRGAPPED=true and the platform refuses every outbound call; an Ollama sidecar runs a local model in-cluster.
- Self-host: wherever you point Postgres, ClickHouse, and Redis. Managed: EU, US, or India region you pick at signup. Sovereign: a single-tenant VPC you control. The connector vault encrypts secrets with Fernet AES-128-CBC + HMAC-SHA256.
- Only inside the maturity tier you configure. L0 keeps the agent advisory only; L2 (the production default) lets it run reversible containment actions; L4 allows whitelisted closed-loop actions. Every action class is gated against blast radius.
- Five pytest suites in services/agents/tests/ run on every PR. Three are substrate self-consistency gates; the fourth is a real measurement against a fixed 1,000-alert noisy stream; the fifth is a coverage gate on the synthetic telemetry corpus. The methodology page documents what each suite measures and what it does not.
- Each connector is a Python class that declares a schema, tests its credentials, polls on a schedule, and normalises events into OCSF. 69 ship in the box. The plugin SDKs (Python, TypeScript, Go) let you author your own in roughly 50 lines.
- Beta deployments through reference partners and an internal demo on tryaisoc.com. The managed waitlist at app.aisoc.dev is the route for hosted customers.
- Use whichever tools fit your risk and procurement model. AiSOC's contribution is making the agent itself open, the decisions step-by-step auditable, and the benchmark reproducible — three guarantees closed-source platforms typically do not offer.
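The maturity-dial gate described in the feature list ("L0–L4 maturity dial", "dry-run by default") and in the FAQ answer above can be written as a single policy function. This is an added example, not AiSOC's code: it encodes only what the page states (L0 advisory only, L2 runs reversible containment, L4 allows whitelisted closed-loop actions, every action class gated on blast radius); the L1 and L3 behaviours, the blast-radius threshold, the action names and the whitelist contents are assumptions.

```python
"""Maturity-dial gate for response actions (added example, not AiSOC's code).

Verdicts: "advise" (plan only), "pending_approval" (ChatOps gate),
"execute", or "deny". L1/L3 semantics, the blast-radius limit and all
action names are assumptions for illustration.
"""
from dataclasses import dataclass
from enum import IntEnum


class Maturity(IntEnum):
    L0 = 0  # advisory only (page)
    L1 = 1  # assumed: reversible actions proposed, human approves
    L2 = 2  # reversible containment runs automatically; production default (page)
    L3 = 3  # assumed: irreversible actions run only after approval
    L4 = 4  # whitelisted closed-loop actions (page)


@dataclass(frozen=True)
class Action:
    name: str
    reversible: bool
    blast_radius: int  # constructed metric: principals/assets the action touches


# Assumed whitelist of irreversible actions permitted closed-loop at L4.
CLOSED_LOOP_WHITELIST = frozenset({"revoke_sessions"})


def decide(action: Action, level: Maturity, *, max_blast: int = 5, dry_run: bool = True) -> str:
    """Gate one action against the tenant's maturity level and blast radius."""
    if level == Maturity.L0:
        return "advise"                      # agent never acts at L0
    if action.blast_radius > max_blast:
        return "deny"                        # blast-radius gate applies to every class
    if dry_run:
        return "pending_approval"            # dry-run by default: plan, then wait for a human
    if action.reversible:
        return "execute" if level >= Maturity.L2 else "pending_approval"
    # Irreversible actions: closed-loop only at L4 and only if whitelisted.
    if level >= Maturity.L4 and action.name in CLOSED_LOOP_WHITELIST:
        return "execute"
    if level >= Maturity.L3:
        return "pending_approval"
    return "deny"
```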
Ship the SOC you wish you had.
Either path lands you on a working SOC, not a blank dashboard.
MIT-licensed · No credit card · Air-gap on a flag