Skills · May 12, 2026 · 1 min read

Agentic SOC Platform — LLM-Powered Security Operations

Agentic SOC Platform is an open-source, agent-centric SOC with modules, playbooks, and an incident response UI for local deployment and data control.

Ready for agents

Agent-ready install

This asset can be installed after choosing the runtime, reviewing the plan and running the corresponding command.

Native · 98/100
Policy: allow
Agent surface: Any MCP/CLI agent
Type: Skill
Installation: Single
Trust: Established
Input: Asset
Direct install command:
npx -y tokrepo@latest install 3b1b8086-d47e-5b34-a249-b640fcbc5a9c --target codex

Run after confirming the plan with a dry run.

Introducción

Agentic SOC Platform (ASP) is a modular security operations stack that uses agent templates (LangGraph/Dify mentioned in README) to analyze alerts and drive automated response playbooks. It’s aimed at teams who want local deployment and control over data/models.

Best for: security operations teams prototyping agent-assisted triage and response workflows

Works with: Python ecosystem, SIEM alert sources, Webhooks, Redis Streams (README), modular playbooks

Setup time: 45–90 minutes

Key facts (verified)

  • README describes a multi-stage pipeline including Webhook forwarding and Redis Streams.
  • Repository includes modules/plugins/playbooks directories (visible in repo root).
  • GitHub: 819 stars · 135 forks; pushed 2026-05-12 (GitHub API verified).

Main

Use ASP as a reference architecture even if you don’t adopt the whole stack:

  • Separate ingestion (webhook) from analysis (agent modules) and from actions (playbooks).
  • Keep an audit trail for every automated decision.
  • Start with “suggest-only” automation before enabling remediation.

If you integrate production SIEM data, do a permissions review and isolate credentials per module.
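A runnable sketch of that three-way separation, written for this page rather than taken from the ASP repository: an in-memory list stands in for the Redis Stream, a severity rule stands in for an agent module, and the playbook registry is hypothetical. Every stage writes to an audit trail, and remediation stays gated behind a named approver once suggest-only mode is switched off.

```python
from typing import Callable, Dict, List, Optional

# In-memory stand-ins for the Redis Stream and the audit store (constructed; no Redis needed).
STREAM: List[dict] = []
AUDIT: List[dict] = []

# Hypothetical playbook registry: playbooks are the only code allowed to touch a host.
PLAYBOOKS: Dict[str, Callable[[str], str]] = {
    "isolate_host": lambda host: f"isolated {host}",
    "ticket_only": lambda host: f"ticket opened for {host}",
}

def ingest_webhook(alert: dict) -> int:
    """Ingestion stage: validate the webhook payload and enqueue it; never analyze or act here."""
    for key in ("id", "source", "severity", "host"):
        if key not in alert:
            raise ValueError(f"alert missing required field: {key}")
    STREAM.append(alert)
    return len(STREAM)

def analyze(alert: dict) -> dict:
    """Analysis stage (stand-in for an agent module): returns a suggestion and records it."""
    action = "isolate_host" if alert["severity"] >= 8 else "ticket_only"
    suggestion = {"alert_id": alert["id"], "action": action, "rationale": f"severity={alert['severity']}"}
    AUDIT.append({"stage": "analysis", **suggestion})
    return suggestion

def run_playbook(suggestion: dict, host: str, mode: str, approved_by: Optional[str] = None) -> str:
    """Action stage: suggest-only mode records the proposal; remediation requires a named approver."""
    entry = {"stage": "action", "alert_id": suggestion["alert_id"], "action": suggestion["action"]}
    if mode == "suggest-only":
        outcome = "suggested:" + suggestion["action"]
    elif approved_by is None:
        outcome = "blocked:no_approval"
    else:
        outcome = PLAYBOOKS[suggestion["action"]](host)
        entry["approved_by"] = approved_by
    AUDIT.append({**entry, "outcome": outcome})
    return outcome

def process(alert: dict, mode: str = "suggest-only", approved_by: Optional[str] = None) -> str:
    """Run one alert through all three stages; every decision leaves an AUDIT entry."""
    ingest_webhook(alert)
    suggestion = analyze(STREAM.pop(0))
    return run_playbook(suggestion, alert["host"], mode, approved_by)

if __name__ == "__main__":
    sample = {"id": "a-1", "source": "splunk", "severity": 9, "host": "ws-042"}  # constructed alert
    print(process(sample))                                      # suggested:isolate_host
    print(process(sample, "remediate", approved_by="analyst"))  # isolated ws-042
```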

README excerpt (verbatim)


Getting-started · Documentation

README in English · Simplified Chinese README

Agentic SOC Platform

A powerful, flexible, open-source, and agent-centric automated security operations platform.

Core Features

  • 🧠 AI-driven Intelligence: Utilizes built-in AI Agent templates like Langgraph and Dify, supporting local LLMs to enhance alert analysis and automated response capabilities.
  • 📊 Built-in SIRP Platform: Comes with a ready-to-use Security Incident Response Platform (SIRP) built on Nocoly, allowing for rapid customization of user interfaces, data models, reports, and workflows.
  • ⚙️ Powerful Automation Workflow: Achieves efficient alert processing through Webhook + Redis Stream, natively supporting mainstream SIEM platforms such as Splunk and Kibana (ELK).
  • 🛠️ Highly Extensible: Provides a rich library of modules and plugins. The entire framework is written in Python, facilitating secondary development and integration with various security devices and APIs.

FAQ

Q: Is this a ready-to-run SOC out of the box? A: README positions it as a platform with docs-driven setup; follow the Getting-started guide for deployment steps.

Q: What integrations does it mention? A: README references SIEM sources, webhook forwarding, Redis Streams, and playbooks/modules.

Q: How do I deploy safely? A: Start locally, isolate credentials, and gate automation behind approvals and audit logs.

Source and acknowledgements

Source: https://github.com/FunnyWolf/agentic-soc-platform · License: MIT · GitHub stars: 819 · forks: 135
