Skip to content
/ secops-agent Public

Demo SecOps agent as demonstrated in my BSides 2025 Talk

License

Unlicense license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

evict/secops-agent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
internal
internal
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
agent.go
agent.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

Security Operations Agent

A demonstration of how agents can be useful in security operations.

Features

Tools

  1. Elasticsearch Search - Search security events and logs using Elasticsearch query_string syntax
  2. Elasticsearch Aggregations - Perform aggregations on security data for analysis
  3. Kibana Detection Alerts - Aggregate and manage detection alerts from Kibana Security

Configuration

Environment Variables

  • ANTHROPIC_API_KEY - Required. API key for Anthropic Claude
  • ELASTIC_USER_API_KEY - Required. API key for Elasticsearch/Kibana authentication
  • ELASTICSEARCH_URL - Required. URL of your Elasticsearch instance
  • KIBANA_URL - Required. URL of your Kibana instance

Building

go build

Running

export ANTHROPIC_API_KEY="your-key"
export ELASTIC_USER_API_KEY="your-key"
export ELASTICSEARCH_URL="https://your-es-instance:9200"
export KIBANA_URL="https://your-kibana-instance:5601"

./security-operations-agent

Resources

About

Demo SecOps agent as demonstrated in my BSides 2025 Talk

Resources

Readme

License

Unlicense license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages