socprime

Detection intelligence turbocharged with AI.

446 stars · 57 · 100% credibility
Found Feb 21, 2026 at 299 stars
AI Summary

DetectFlow is an open-source cybersecurity platform that evaluates streaming log events against Sigma detection rules in real time, with a dashboard for managing pipelines, rules, and metrics to shorten time to detection.

How It Works

1. 🔍 Discover DetectFlow

DetectFlow is an open-source tool from SOC Prime that matches streaming log events against Sigma rules within milliseconds; its AI features are optional add-ons rather than the matching engine.

2. 🛠️ Prepare Your Setup

You make sure your log collection and storage can stream event data securely within your network (the platform consumes events from Kafka).

3. 🚀 Launch the Dashboard

Following the guided setup steps, you bring up the real-time control panel in your own environment, ready to manage detections.

4. 📋 Load Security Rules

You load Sigma rules from trusted open-source collections or your own repository to define what the pipelines watch for.

5. 🔗 Create Detection Pathways

You link each incoming log stream to an output stream, choosing the rules and filters that process events on the fly.

6. 📊 Monitor Live Action

On the interactive dashboard, you watch events flow through, see matches light up, and track throughput and lag in real time.

Catch Threats Instantly

Your team now detects and tags matching events in under a second, enriching them with rule and MITRE ATT&CK metadata before they reach the SIEM, without adding latency to the pipeline.

AI-Generated Review

What is detectflow-main?

Detectflow-main deploys a real-time detection platform that runs streaming Kafka events through Apache Flink pipelines, matches them against thousands of Sigma rules, and tags each match with MITRE ATT&CK metadata before the event reaches the SIEM. This brings mean time to detect down to sub-second levels and moves detection engineers' effort from SIEM tuning toward detection-as-code orchestration. Built for Kubernetes clusters with a Postgres backend, it syncs rules from GitHub repositories such as SigmaHQ.
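To make the pipeline shape concrete (steps 4 to 6 of How It Works above, and the Kafka → Flink → Sigma → ATT&CK-tag → SIEM flow described in this paragraph), here is a small stream-side matcher. It is an added example written for this page, not DetectFlow's own Flink/Kafka code: the rule is the dict form of a Sigma YAML document, the process-creation events stand in for Kafka messages, and the rule title, the `approved_tool.exe` filter and the field names are constructed for illustration. Only Sigma's map selections, the `contains`/`startswith`/`endswith`/`re` modifiers and boolean `and`/`or`/`not` conditions are implemented; the `1 of sel*` and aggregation forms are not.

```python
"""Added example: minimal Sigma matcher that tags streaming events with
MITRE ATT&CK metadata before forwarding them. Illustrative code written for
this page, not DetectFlow's implementation; rule, events and names are constructed."""
import re

# Constructed rule, the dict form of a Sigma YAML document whose detection block
# is: selection / filter / condition: selection and not filter.
RULE_ENCODED_POWERSHELL = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\approved_tool.exe"},  # hypothetical allowlisted parent
        "condition": "selection and not filter",
    },
    "tags": ["attack.execution", "attack.t1059.001"],
}


def _match_value(actual, expected, modifier):
    """Sigma string matching is case-insensitive; the modifier picks the comparison."""
    if actual is None:
        return False
    if modifier == "re":
        return re.search(str(expected), str(actual)) is not None
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    return a == e


def _match_map(event, spec):
    """A map selection ANDs its fields; a list of values for one field is an OR."""
    for key, expected in spec.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(event.get(field), v, modifier) for v in values):
            return False
    return True


class _Condition:
    """Recursive-descent evaluator for 'a and (b or not c)' over per-identifier
    match results. Unknown identifiers raise instead of silently matching."""
    _TOKENS = re.compile(r"\(|\)|[A-Za-z_][A-Za-z0-9_*]*")

    def __init__(self, text, results):
        self.tokens, self.pos, self.results = self._TOKENS.findall(text), 0, results

    def evaluate(self):
        value = self._or()
        if self.pos != len(self.tokens):
            raise ValueError("malformed condition")
        return value

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _or(self):
        value = self._and()
        while self._peek() == "or":
            self.pos += 1
            value = self._and() or value  # evaluate the right side so its tokens are consumed
        return value

    def _and(self):
        value = self._not()
        while self._peek() == "and":
            self.pos += 1
            value = self._not() and value
        return value

    def _not(self):
        tok = self._peek()
        if tok is None:
            raise ValueError("unexpected end of condition")
        self.pos += 1
        if tok == "not":
            return not self._not()
        if tok == "(":
            value = self._or()
            if self._peek() != ")":
                raise ValueError("missing ')'")
            self.pos += 1
            return value
        if tok not in self.results:
            raise ValueError(f"unknown search identifier: {tok}")
        return self.results[tok]


def rule_matches(rule, event):
    detection = rule["detection"]
    results = {name: _match_map(event, spec) for name, spec in detection.items() if name != "condition"}
    return _Condition(detection["condition"], results).evaluate()


def enrich(event, rules):
    """Copy of the event with rule titles and ATT&CK tags attached on a match;
    unmatched events pass through unchanged (in-flight enrichment before the SIEM)."""
    hits = [r for r in rules if rule_matches(r, event)]
    tagged = dict(event)
    if hits:
        tagged["sigma_matches"] = [r["title"] for r in hits]
        tagged["attack_tags"] = sorted({t for r in hits for t in r.get("tags", []) if t.startswith("attack.")})
    return tagged


def process_stream(events, rules):
    return [enrich(e, rules) for e in events]


# Constructed process-creation events standing in for messages on a Kafka topic.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoP -EncodedCommand SQBFAFgA",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -enc SQBFAFgA",
     "ParentImage": "C:\\Tools\\approved_tool.exe"},  # suppressed by the filter
    {"Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe report.txt",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]
```

Run `process_stream(SAMPLE_EVENTS, [RULE_ENCODED_POWERSHELL])`: the first event comes back with `sigma_matches` and `attack_tags` set, the second is suppressed by the `filter` search, and the third passes through untouched. Because the rule list is just an argument to `enrich`, swapping in a freshly synced list between events is the simplest picture of the hot reload the page describes; a real stream processor has to do that swap atomically per pipeline so an in-flight batch never sees a half-loaded rule set.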

Why is it gaining traction?

It stands out by hot-reloading rules, filters, and parsers without downtime, and by scaling to roughly 10x more detection rules on existing Kafka infrastructure without vendor-imposed rule limits. Users like the live dashboard, which shows pipeline throughput, consumer lag, and data flows, and the easy import of detection rules from GitHub for detection-as-code workflows. Air-gapped deployment keeps data in-house, and the optional AI enhancements, such as schema validation, are additive rather than required.

Who should use this?

Detection engineers and SecOps teams managing high-volume logs in Kafka-heavy environments, especially those building Sigma-based detection pipelines from GitHub-hosted rules. Ideal for organizations feeding EDR telemetry into SIEMs or data lakes such as Splunk and Elastic that want to enrich events in flight without pipeline restarts. Skip it if you are not running Kubernetes or lack Flink expertise.

Verdict

Promising for mature detection teams chasing sub-second detection, but 293 stars and a 1.0% credibility score signal early-stage OSS: the docs are detailed, yet deployment is Kubernetes-heavy and the components live in separate repos. Test in staging before committing to production.
