rod-trent

A Triage Agent for reducing junior analyst manual activities

16
2
100% credibility
Found May 15, 2026 at 17 stars
AI Analysis
TypeScript
AI Summary

SIEMTriage is an AI agent that triages security incidents from Microsoft Sentinel and Defender XDR, providing verdicts, evidence, and plans for analysts to review before acting.

How It Works

1
🔍 Discover SIEMTriage

You find this AI sidekick on GitHub that sorts through security alerts from Microsoft Sentinel and Defender XDR, saving analysts time on routine checks.

2
💻 Launch quick demo

You clone it and start the demo mode locally to see sample alerts triaged, with no infrastructure to set up.

3
🧠 Watch AI analyze live

You open the dashboard, pick an alert, and watch the AI fetch details, check for threats, and stream its reasoning step by step.

4
📊 Review smart verdict

The AI shares a clear decision like 'false alarm' or 'real threat' with evidence and next steps, so you can agree or dig deeper.

5
Choose your path

Stick to demo: practice more with the sample incidents and run the evals to measure accuracy before you trust it.

🚀 Go live: connect it to your Sentinel alerts so new incidents arrive automatically for triage.

🎉 Triage like a pro

You now handle more alerts faster, focusing on real dangers while the AI does the routine enrichment and reasoning in the open; you still make the final call.

AI-Generated Review

What is SIEMTriage?

SIEMTriage is a TypeScript AI triage agent that automates Tier-1 SOC tasks for Microsoft Sentinel and Defender XDR: it pulls incidents via the Microsoft Graph API, enriches entities with VirusTotal and GreyNoise, runs KQL hunts, and delivers structured verdicts with evidence trails. It cuts junior analyst manual work by streaming its live reasoning to a Next.js UI where humans review and decide; the agent never auto-closes an incident. Users get a queue view, incident details with deep-dive plans, and a CLI for evals against historical data.
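The "structured verdicts with evidence trails" above are the part worth getting right, because model output is untrusted text. The following is an added TypeScript example, not SIEMTriage's own code: it parses raw model output as JSON, checks it against a verdict schema, and rejects any verdict whose evidence cites an entity or alert that is not actually in the incident. The incident shape, field names, verdict vocabulary, and the sample incident and model outputs are assumptions constructed for this illustration.

```typescript
// Added example (not SIEMTriage's own code): schema + grounding check for a
// triage verdict. The incident shape, field names, verdict vocabulary and the
// sample data below are assumptions made for this illustration.

type VerdictLabel = "false_positive" | "true_positive" | "needs_human";
type EvidenceSource = "graph" | "virustotal" | "greynoise" | "kql";

interface IncidentEntity { id: string; kind: "ip" | "host" | "user" | "hash"; value: string; }
interface Incident { id: string; title: string; entities: IncidentEntity[]; alertIds: string[]; }

interface Evidence {
  claim: string;            // human-readable finding
  source: EvidenceSource;   // which enrichment produced it
  entityId?: string;        // must resolve to incident.entities[].id
  alertId?: string;         // must resolve to incident.alertIds[]
}

interface TriageVerdict {
  incidentId: string;
  verdict: VerdictLabel;
  confidence: number;       // 0..1
  evidence: Evidence[];     // at least one item, every citation resolvable
  plan: string[];           // suggested next steps; the human executes them, not the agent
}

interface ValidationResult { ok: boolean; errors: string[]; verdict?: TriageVerdict; }

const VERDICT_LABELS = ["false_positive", "true_positive", "needs_human"];
const EVIDENCE_SOURCES = ["graph", "virustotal", "greynoise", "kql"];

// Treat raw model output as untrusted text: parse it, check the schema, then
// check every citation against the incident so a verdict cannot rest on an
// IP, user or alert the model invented.
export function parseVerdict(incident: Incident, raw: string): ValidationResult {
  let data: unknown;
  try {
    data = JSON.parse(raw);
  } catch (err) {
    return { ok: false, errors: [`output is not valid JSON: ${(err as Error).message}`] };
  }
  if (typeof data !== "object" || data === null || Array.isArray(data)) {
    return { ok: false, errors: ["output is not a JSON object"] };
  }
  const v = data as Record<string, unknown>;
  const errors: string[] = [];
  const entityIds = new Set(incident.entities.map((e) => e.id));
  const alertIds = new Set(incident.alertIds);

  if (v.incidentId !== incident.id) {
    errors.push(`incidentId ${JSON.stringify(v.incidentId)} does not match ${incident.id}`);
  }
  if (typeof v.verdict !== "string" || VERDICT_LABELS.indexOf(v.verdict) === -1) {
    errors.push(`verdict must be one of ${VERDICT_LABELS.join("|")}`);
  }
  if (typeof v.confidence !== "number" || !(v.confidence >= 0 && v.confidence <= 1)) {
    errors.push("confidence must be a number in [0, 1]");
  }
  if (!Array.isArray(v.evidence) || v.evidence.length === 0) {
    errors.push("evidence must be a non-empty array");
  } else {
    v.evidence.forEach((item: unknown, i: number) => {
      const e = (typeof item === "object" && item !== null ? item : {}) as Record<string, unknown>;
      if (typeof e.claim !== "string" || e.claim.trim() === "") errors.push(`evidence[${i}].claim is missing`);
      if (typeof e.source !== "string" || EVIDENCE_SOURCES.indexOf(e.source) === -1) errors.push(`evidence[${i}].source is invalid`);
      const citesEntity = typeof e.entityId === "string";
      const citesAlert = typeof e.alertId === "string";
      if (!citesEntity && !citesAlert) errors.push(`evidence[${i}] cites neither an entity nor an alert`);
      if (citesEntity && !entityIds.has(e.entityId as string)) errors.push(`evidence[${i}] cites unknown entity ${e.entityId}`);
      if (citesAlert && !alertIds.has(e.alertId as string)) errors.push(`evidence[${i}] cites unknown alert ${e.alertId}`);
    });
  }
  if (!Array.isArray(v.plan) || v.plan.some((s) => typeof s !== "string")) {
    errors.push("plan must be an array of strings");
  }
  return errors.length === 0 ? { ok: true, errors, verdict: v as unknown as TriageVerdict } : { ok: false, errors };
}

// Constructed sample incident and two model outputs (not real Sentinel data).
export const sampleIncident: Incident = {
  id: "inc-1042",
  title: "Suspicious sign-in followed by PowerShell download cradle",
  entities: [
    { id: "ent-1", kind: "ip", value: "203.0.113.45" },
    { id: "ent-2", kind: "user", value: "jdoe@contoso.example" },
    { id: "ent-3", kind: "host", value: "WS-0417" },
  ],
  alertIds: ["alert-7781", "alert-7782"],
};

export const groundedOutput = JSON.stringify({
  incidentId: "inc-1042", verdict: "true_positive", confidence: 0.82,
  evidence: [
    { claim: "Source IP flagged by 14/90 VirusTotal engines", source: "virustotal", entityId: "ent-1" },
    { claim: "KQL hunt: powershell.exe -enc launched 40s after the sign-in", source: "kql", entityId: "ent-3", alertId: "alert-7782" },
  ],
  plan: ["Isolate WS-0417 in Defender", "Reset jdoe's credentials", "Decode and review the PowerShell payload"],
});

// Cites an entity and an alert that are not part of the incident.
export const hallucinatedOutput = JSON.stringify({
  incidentId: "inc-1042", verdict: "false_positive", confidence: 0.95,
  evidence: [
    { claim: "198.51.100.9 is known corporate VPN egress", source: "greynoise", entityId: "ent-9" },
    { claim: "Duplicate of an earlier benign alert", source: "graph", alertId: "alert-0001" },
  ],
  plan: ["Close as benign"],
});

for (const [name, raw] of [["grounded", groundedOutput], ["hallucinated", hallucinatedOutput]] as const) {
  const r = parseVerdict(sampleIncident, raw);
  console.log(name, r.ok ? "accepted for analyst review" : `rejected: ${r.errors.join("; ")}`);
}
```

The point of resolving `entityId` and `alertId` against the incident, rather than only checking types, is that a confidently worded "false positive" built on an IP or alert the model made up is exactly the output a reviewing analyst is most likely to wave through. Rejecting it at the schema boundary keeps the human in the loop on real evidence only.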

Why is it gaining traction?

It stands out with a no-infra demo mode (just `npm run replay` and `npm run dev:web`), schema-enforced verdicts that cite exact evidence, and an eval CLI that gates autonomy on zero false negatives against historical incidents. Developers hook it to Sentinel via a Logic App that posts to `/api/ingest/sentinel`, watch the agent triage in real time, and measure accuracy before production.
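To show what "gating autonomy on zero false negatives" means in practice, here is an added TypeScript example in the spirit of the eval CLI described above; it is not the project's code. It replays agent verdicts against analyst-labelled history, builds a confusion matrix, and refuses autonomy if a single real incident would have been closed as benign. The precision floor and the escalation cap are my additions: an agent can reach zero false negatives trivially by escalating every incident, so a zero-FN gate on its own is easy to game. The record shape and the eight-incident history are constructed for the example.

```typescript
// Added example, not the SIEMTriage eval CLI. Record shapes, the sample
// history and the extra precision/escalation thresholds are assumptions.

type Label = "true_positive" | "false_positive";
type AgentVerdict = Label | "needs_human";

interface EvalRecord {
  incidentId: string;
  truth: Label;            // the analyst's historical disposition
  predicted: AgentVerdict; // what the agent said on replay
}

interface EvalReport {
  total: number;
  tp: number;
  fp: number;
  tn: number;
  fn: number;
  escalated: number;       // needs_human: safe, but costs analyst time
  precision: number;
  recall: number;
  escalationRate: number;
  autonomyAllowed: boolean;
  reasons: string[];       // why autonomy is blocked; empty when allowed
}

// Hard gate: zero false negatives (a real incident the agent would have closed).
// Soft gates (assumed here): a minimum precision so the queue is not flooded
// with wrong "true positive" calls, and a cap on escalations so the agent
// cannot earn zero FNs by escalating everything.
export function evaluate(records: EvalRecord[], minPrecision = 0.9, maxEscalationRate = 0.5): EvalReport {
  let tp = 0, fp = 0, tn = 0, fn = 0, escalated = 0;
  for (const r of records) {
    if (r.predicted === "needs_human") {
      escalated++;
    } else if (r.predicted === "true_positive") {
      if (r.truth === "true_positive") tp++; else fp++;
    } else if (r.truth === "false_positive") {
      tn++;
    } else {
      fn++; // agent said false_positive, analyst said it was real
    }
  }
  const precision = tp + fp === 0 ? 1 : tp / (tp + fp);
  const recall = tp + fn === 0 ? 1 : tp / (tp + fn);
  const escalationRate = records.length === 0 ? 0 : escalated / records.length;
  const reasons: string[] = [];
  if (records.length === 0) reasons.push("no historical incidents to evaluate");
  if (fn > 0) reasons.push(`${fn} real incident(s) would have been closed as false positives`);
  if (precision < minPrecision) reasons.push(`precision ${precision.toFixed(2)} is below ${minPrecision}`);
  if (escalationRate > maxEscalationRate) reasons.push(`escalation rate ${escalationRate.toFixed(2)} exceeds ${maxEscalationRate}`);
  return {
    total: records.length, tp, fp, tn, fn, escalated, precision, recall, escalationRate,
    autonomyAllowed: reasons.length === 0, reasons,
  };
}

// Constructed history of eight analyst-dispositioned incidents (not real data).
export const history: { incidentId: string; truth: Label }[] = [
  { incidentId: "inc-1", truth: "true_positive" },
  { incidentId: "inc-2", truth: "false_positive" },
  { incidentId: "inc-3", truth: "false_positive" },
  { incidentId: "inc-4", truth: "true_positive" },
  { incidentId: "inc-5", truth: "false_positive" },
  { incidentId: "inc-6", truth: "true_positive" },
  { incidentId: "inc-7", truth: "false_positive" },
  { incidentId: "inc-8", truth: "true_positive" },
];

// Join a replay's predictions onto the history; an incident the agent never
// answered counts as an escalation rather than silently dropping out.
export function buildRecords(predictions: Record<string, AgentVerdict>): EvalRecord[] {
  return history.map((h) => ({ ...h, predicted: predictions[h.incidentId] ?? "needs_human" }));
}

// Three constructed replays: one with a miss, one clean, one that games the gate.
export const replayWithMiss: Record<string, AgentVerdict> = {
  "inc-1": "true_positive", "inc-2": "false_positive", "inc-3": "false_positive",
  "inc-4": "needs_human", "inc-5": "true_positive", "inc-6": "true_positive",
  "inc-7": "false_positive", "inc-8": "false_positive", // a real incident closed as benign
};
export const replayClean: Record<string, AgentVerdict> = {
  ...replayWithMiss, "inc-5": "false_positive", "inc-8": "needs_human",
};
export const replayEscalateAll: Record<string, AgentVerdict> = {};

for (const [name, preds] of [["with-miss", replayWithMiss], ["clean", replayClean], ["escalate-all", replayEscalateAll]] as const) {
  const report = evaluate(buildRecords(preds));
  console.log(name, report.autonomyAllowed ? "autonomy allowed" : `blocked: ${report.reasons.join("; ")}`);
}
```

Run the replay before every model or prompt change and treat a non-empty `reasons` list as a failed build; the escalation cap is the part most teams forget, and without it "needs_human" on everything passes a zero-FN gate while delivering no reduction in analyst work.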

Who should use this?

SOC analysts and SecOps leads on Microsoft stacks who are tired of sifting false positives out of Sentinel queues. Ideal for teams that want to scale triage without hiring more juniors, or that are evaluating AI agents for alert-triage workflows.

Verdict

Grab it for a POC if you're on Sentinel: the docs and quickstarts are crisp and the demo works immediately. At 16 stars and 100% credibility it's early, but mature enough to evaluate; wire up authentication and the threat-intel API keys (VirusTotal, GreyNoise) before pointing it at live alerts.
