Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
Updated May 16, 2026 - Python
Intelligent SOC automation framework powered by LangGraph multi-agent workflows for alert triage, correlation, and incident response
SOC sub-engine built on agent-skills technology that uses AI to augment the SOC platform, performing triage, investigation, and response on SOC alerts.
Hands-on cybersecurity portfolio featuring GRC, SOC/SIEM, Incident Response, and Automation projects. Includes risk assessments, Splunk log analysis, IR playbooks, and a full enterprise capstone case study.
n8n workflow that pipes Wazuh SIEM alerts through Claude Haiku for AI triage. ~$0.001 per alert. Slack output with risk assessment + investigation commands.
SentinelForge: Autonomous SOC analyst platform with AI agents for alert triage, log correlation, threat hunting, and incident response.
Hands-on SOC Analyst lab portfolio — alert triage, reporting, escalation, and workbook-driven investigations (30-day project)
Our reusable, modifiable prompts and simple agents that are included within the Arcanna platform and invokable via Arcanna's AI Assistant
OpsPilot Discord-native AI on-call team that triages alerts, creates safe PRs, and manages incidents automatically.
SOC / DFIR investigations portfolio with hands-on lab cases covering SIEM alert triage, Phishing Analysis, Malware analysis, Endpoint detection, Network Analysis. Built to demonstrate practical SOC Analyst L1/L2 and DFIR skills.
🤖 Automate incident response with OpsPilot, your Discord-based AI on-call team that triages issues and deploys safe PRs in minutes.
Splunk-based TryHackMe write-up covering alert triage, brute-force analysis, scheduled task persistence, and web shell investigation.
Saudi-native SOC operations simulation platform for alert triage, incident investigation, MITRE ATT&CK mapping, playbooks, reports, and NCA ECC-oriented workflows.
Defensive SOC detection-engineering lab using Python fallback rules, synthetic logs, safe sample files, alert triage, false-positive suppression, Markdown/JSON reporting, pytest, Ruff, CI, and CodeQL.
Agentic SOC platform for multi-agent security ops: vulnerability detection, knowledge graphs, team-based parallel analysis, and GitHub integration.
SOC incident response simulation demonstrating alert triage, investigation steps, and incident documentation.
Python CLI that ingests alerts from CSV, Splunk, or Elasticsearch; enriches source IPs via VirusTotal and Shodan; scores priority with a 6-factor weighted model; detects correlated incidents and MITRE ATT&CK kill chains; and generates a self-contained HTML analyst report.
Defensive host-based intrusion detection lab using Python, synthetic host-event logs, file integrity monitoring, JSON baselines, alert triage, false-positive suppressions, Markdown/JSON reporting, pytest, Ruff, GitHub Actions, and CodeQL.
A risk-based fraud alert triage system that scores transactions, prioritizes alerts by severity, and applies proportionate remediation actions to minimize financial loss while preserving customer experience.