Agentic SOC Platform
A powerful, flexible, open-source, and agent-centric automated security operations platform.
- 🧠 AI-driven Intelligence: Utilizes built-in AI Agent templates such as LangGraph and Dify, with support for local LLMs, to enhance alert analysis and automated response.
- 📊 Built-in SIRP Platform: Comes with a ready-to-use Security Incident Response Platform (SIRP) built on Nocoly, allowing for rapid customization of user interfaces, data models, reports, and workflows.
- ⚙️ Powerful Automation Workflow: Achieves efficient alert processing through Webhook + Redis Stream, natively supporting mainstream SIEM platforms such as Splunk and Kibana (ELK).
- 🛠️ Highly Extensible: Provides a rich library of modules and plugins. The entire framework is written in Python, facilitating secondary development and integration with various security devices and APIs.
- 🛡️ Local Deployment & Data Control: Supports complete local deployment. All data, models, and operations can be hosted within your own environment, ensuring enterprise data security and privacy.
- ⚡ Streaming and Batch Processing: Offers streaming processing (modules) for real-time alert analysis and event-driven automation (playbooks) for user-triggered tasks.
ASP (Agentic SOC Platform) processes security alerts and incidents through a multi-stage pipeline:
- SIEM/Alert Sources: EDR, NDR, or other security tools send alerts to a SIEM (e.g., Splunk, Kibana).
- Webhook Forwarder: The SIEM forwards these alerts via Webhook to the ASP's built-in Webhook receiver.
- Redis Stream: The receiver pushes the alerts to the corresponding Redis Stream, serving as a persistent message queue. Each alert type has its own stream.
- Module Engine: ASP modules consume alerts from their designated streams, perform analysis (often using AI Agents), enrich data, and determine outcomes.
- SIRP Platform: The output of the modules (now formatted into standardized security records) is sent to the **SIRP** platform, where cases, alerts, and artifacts are created or updated.
- Playbook Engine: Analysts can trigger playbooks from the SIRP user interface against cases, alerts, or artifacts to perform further automated actions, such as threat intelligence enrichment or remediation.
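The webhook-to-stream-to-module path described above, as an added illustration that is not ASP's own code: a webhook receiver validates an incoming alert and pushes it to a per-alert-type stream, and a module consumer reads that stream and emits standardized records for the SIRP platform. It assumes an in-memory stand-in for Redis Streams (so it runs offline), the `alerts:<type>` key naming, and a severity-based verdict in place of the AI-agent analysis step.

```python
import json
from itertools import count

# Hypothetical in-memory stand-in for Redis Streams; one stream key per alert type.
STREAMS = {}
_ids = count(1)

def xadd(stream, fields):
    """Append an entry and return a Redis-style '<seq>-0' id."""
    entry_id = f"{next(_ids)}-0"
    STREAMS.setdefault(stream, []).append((entry_id, fields))
    return entry_id

def stream_for(alert_type):
    """Route by alert type; the 'alerts:<type>' key naming is an assumption."""
    return f"alerts:{alert_type.strip().lower()}"

REQUIRED = ("id", "type", "severity", "source")

def webhook_receive(raw_body):
    """Webhook receiver: validate the SIEM payload, then push it to its stream."""
    alert = json.loads(raw_body)
    missing = [k for k in REQUIRED if k not in alert]
    if missing:
        raise ValueError(f"rejected alert, missing fields: {missing}")
    # Redis stream fields are strings, so carry the alert as one JSON field.
    return xadd(stream_for(alert["type"]), {"alert": json.dumps(alert)})

def module_consume(alert_type, after_id="0-0"):
    """Module engine: read entries newer than after_id, emit standardized SIRP records."""
    cursor, records = int(after_id.split("-")[0]), []
    for entry_id, fields in STREAMS.get(stream_for(alert_type), []):
        if int(entry_id.split("-")[0]) <= cursor:
            continue
        alert = json.loads(fields["alert"])
        # Placeholder for the AI-agent analysis step: a severity-based verdict.
        records.append({
            "stream_id": entry_id, "alert_id": alert["id"],
            "case_title": f"[{alert['severity'].upper()}] {alert['type']} on {alert['source']}",
            "artifacts": alert.get("artifacts", []),
            "verdict": "escalate" if alert["severity"] in ("high", "critical") else "triage",
        })
    return records

def demo():
    """Push two constructed alerts and return what the EDR module would emit."""
    webhook_receive(json.dumps({"id": "a-1", "type": "EDR", "severity": "high",
                                "source": "host-7", "artifacts": ["suspicious.exe"]}))
    webhook_receive(json.dumps({"id": "a-2", "type": "NDR", "severity": "low", "source": "sensor-2"}))
    return module_consume("EDR")
```

Against a real deployment the two stream functions map onto `XADD` and a consumer-group read, and the placeholder verdict is where a module would hand the alert to its AI Agent.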
https://asp.viperrtp.com
Agentic SOC Platform has joined 404Starlink