Main
Use ASP as a reference architecture even if you don’t adopt the whole stack:
- Separate ingestion (webhook) from analysis (agent modules) and from actions (playbooks).
- Keep an audit trail for every automated decision.
- Start with “suggest-only” automation before enabling remediation.
If you integrate production SIEM data, do a permissions review and isolate credentials per module.
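The separation above (webhook ingestion, agent analysis, playbook actions) with an audit entry per decision and a suggest-only gate, as an added Python sketch that is not ASP's own code; the alert fields, the in-memory list standing in for a Redis Stream, and the `block_ip` playbook are all assumptions:

```python
import json
import time
import uuid
from typing import Callable, Dict, List

# Constructed sample alert, shaped like a SIEM webhook payload (fields are hypothetical).
SAMPLE_RAW = '{"source": "splunk", "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "count": 42}'

AUDIT_LOG: List[dict] = []  # audit trail: every automated decision lands here, executed or not


def ingest(raw: str, stream: List[dict]) -> dict:
    """Webhook handler: validate and enqueue only; no analysis, no actions here."""
    alert = json.loads(raw)
    for key in ("source", "rule"):
        if key not in alert:
            raise ValueError(f"alert missing required field {key!r}")
    event = {"id": str(uuid.uuid4()), "alert": alert, "received": time.time()}
    stream.append(event)  # stands in for a Redis Stream XADD in a real deployment
    return event


def analyze(event: dict) -> dict:
    """Agent module: returns a recommendation and never acts on it (hypothetical rule)."""
    alert = event["alert"]
    if alert["rule"] == "brute_force_ssh" and alert.get("count", 0) >= 20:
        return {"action": "block_ip", "target": alert["src_ip"], "confidence": 0.9}
    return {"action": "none", "target": None, "confidence": 0.0}


# Playbook registry; the lambda is a placeholder for a real remediation call.
PLAYBOOKS: Dict[str, Callable[[str], str]] = {
    "block_ip": lambda ip: f"firewall: deny {ip}",
}


def act(event: dict, recommendation: dict, suggest_only: bool = True) -> dict:
    """Playbook executor: gated by suggest_only, and audited whether or not it runs."""
    decision = {"event_id": event["id"], "recommendation": recommendation,
                "executed": False, "result": None}
    action = recommendation["action"]
    if action in PLAYBOOKS and not suggest_only:
        decision["result"] = PLAYBOOKS[action](recommendation["target"])
        decision["executed"] = True
    AUDIT_LOG.append(decision)
    return decision


def run_pipeline(raw: str, suggest_only: bool = True) -> dict:
    """Ingest -> analyze -> act, with each stage touching only its own concern."""
    stream: List[dict] = []
    event = ingest(raw, stream)
    return act(event, analyze(event), suggest_only)
```

With the default `suggest_only=True` the recommendation is recorded but nothing fires; flipping the flag per playbook is the point at which the approval and audit review should happen.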
README excerpt (verbatim)

Agentic SOC Platform
A powerful, flexible, open-source, and agent-centric automated security operations platform.
Core Features
- 🧠 AI-driven Intelligence: Utilizes built-in AI Agent templates like Langgraph and Dify, supporting local LLMs to enhance alert analysis and automated response capabilities.
- 📊 Built-in SIRP Platform: Comes with a ready-to-use Security Incident Response Platform (SIRP) built on Nocoly, allowing for rapid customization of user interfaces, data models, reports, and workflows.
- ⚙️ Powerful Automation Workflow: Achieves efficient alert processing through Webhook + Redis Stream, natively supporting mainstream SIEM platforms such as Splunk and Kibana (ELK).
- 🛠️ Highly Extensible: Provides a rich library of modules and plugins. The entire framework is written in Python, facilitating secondary development and integration with various security devices and APIs.
FAQ
Q: Is this a ready-to-run SOC out of the box? A: The README positions it as a platform with a docs-driven setup; follow the Getting-started guide for deployment steps.
Q: What integrations does it mention? A: The README references SIEM sources (Splunk, Kibana/ELK), webhook forwarding, Redis Streams, and playbooks/modules.
Q: How do I deploy safely? A: Start locally, isolate credentials, and gate automation behind approvals and audit logs.