beenuar / AiSOC

Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.

Found May 08, 2026 at 67 stars.

Language: Python

AI Summary

AiSOC is an open-source, self-hostable AI-powered Security Operations Center that ingests events from various sources, uses AI agents for autonomous investigation, and provides a web console for triage, compliance, and response.

How It Works

1. 🔍 Discover AiSOC: you hear about a free, open tool that uses AI to watch for security problems and help your team respond faster.
2. 🚀 Try the quick demo: with one simple command, you start a ready-to-go version that shows fake security alerts being handled by AI.
3. 🔗 Connect your security tools: pick from popular services like email logs or cloud alerts, enter details once, and watch data flow in securely.
4. 🧠 See AI investigate alerts: AI spots patterns, maps threats, and explains each step in a clear log you can replay anytime.
5. 📊 Review cases and dashboards: check organized cases, compliance reports, and live metrics to understand what's happening.

Your security runs smoothly: AI handles routine checks so your team focuses on real threats, with full control and no vendor lock-in.

AI-Generated Review

What is AiSOC?

AiSOC delivers a full self-hostable AI Security Operations Center in Python with a Next.js web console and mobile PWA responder. It pulls events from sources like Microsoft Entra, AWS, and GitHub via click-to-connect, fuses alerts into entity risks with 50:1 reduction, triggers LangGraph AI agents for MITRE ATT&CK investigations, and surfaces triage queues, graphs, and compliance dashboards. You get autonomous triage, purple-team drills, and honeytokens without proprietary lock-in.

Why is it gaining traction?

It logs every AI prompt, tool call, and rationale for replayable audits, unlike opaque closed SOCs, and CI-gates PRs with evals on 200 synthetic incidents, so substrate quality is publicly verifiable. The 3.5-minute Docker demo seeds data and runs a live investigation, which sets it apart among GitHub open-source tools as a genuinely open-source, AI-powered, self-hosted alternative to Splunk ES or Wazuh, with no vendor callbacks.

Who should use this?

Security engineers at SMBs building in-house SOCs to cut Splunk costs. Purple teams tracking ATT&CK drift via Atomic Red Team/Caldera. On-call analysts needing PWA triage, push alerts, and approval queues for mobile response.

Verdict

Early with 29 stars and a 1.0% credibility score, but polished docs, a one-command demo (`pnpm aisoc:demo`), and an eval harness signal strong potential. Self-host now if you need open-source, AI-powered security without a cloud dependency; scale to production via Helm/Terraform once the star count climbs.
