# Agentic SOC Platform — LLM-Powered Security Operations

> Agentic SOC Platform is an open-source, agent-centric SOC with modules, playbooks, and an incident response UI for local deployment and data control.

## Install

Save as a script file and run:

## Quick Use

```bash
git clone https://github.com/FunnyWolf/agentic-soc-platform
cd agentic-soc-platform
# Repo contains `pyproject.toml` and `uv.lock`.
# Follow the official Getting-started docs linked in the README for environment setup.
```

Docs entrypoints (from README):

- Getting-started: https://asp.viperrtp.com/asf/Development/environment_setup/
- Documentation: https://asp.viperrtp.com/asf/Introduction/what_is_asf/

## Intro

Agentic SOC Platform (ASP) is a modular security operations stack that uses agent templates (LangGraph/Dify mentioned in README) to analyze alerts and drive automated response playbooks. It’s aimed at teams who want local deployment and control over data/models.

**Best for:** security operations teams prototyping agent-assisted triage and response workflows

**Works with:** Python ecosystem, SIEM alert sources, Webhooks, Redis Streams (README), modular playbooks

**Setup time:** 45–90 minutes

### Key facts (verified)

- README describes a multi-stage pipeline including Webhook forwarding and Redis Streams.
- Repository includes modules/plugins/playbooks directories (visible in repo root).
- GitHub: 819 stars · 135 forks; pushed 2026-05-12 (GitHub API verified).

## Main

Use ASP as a reference architecture even if you don’t adopt the whole stack:

- Separate ingestion (webhook) from analysis (agent modules) and from actions (playbooks).
- Keep an audit trail for every automated decision.
- Start with “suggest-only” automation before enabling remediation.

If you integrate production SIEM data, do a permissions review and isolate credentials per module.

### README excerpt (verbatim)

**Agentic SOC Platform**

A powerful, flexible, open-source, and agent-centric automated security operations platform.

## Core Features

- 🧠 **AI-driven Intelligence**: Utilizes built-in AI Agent templates like Langgraph and Dify, supporting local LLMs to enhance alert analysis and automated response capabilities.
- 📊 **Built-in SIRP Platform**: Comes with a ready-to-use Security Incident Response Platform (SIRP) built on Nocoly, allowing for rapid customization of user interfaces, data models, reports, and workflows.
- ⚙️ **Powerful Automation Workflow**: Achieves efficient alert processing through Webhook + Redis Stream, natively supporting mainstream SIEM platforms such as Splunk and Kibana (ELK).
- 🛠️ **Highly Extensible**: Provides a rich library of modules and plugins. The entire framework is written in Python, facilitating secondary development and integration with various security devices and APIs.

### FAQ

**Q: Is this a ready-to-run SOC out of the box?**
A: README positions it as a platform with docs-driven setup; follow the Getting-started guide for deployment steps.

**Q: What integrations does it mention?**
A: README references SIEM sources, webhook forwarding, Redis Streams, and playbooks/modules.

**Q: How do I deploy safely?**
A: Start locally, isolate credentials, and gate automation behind approvals and audit logs.
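
The last FAQ answer and the list under Main call for suggest-only automation, approvals, and an audit trail for every automated decision. One way to wire those together, as an added example that is not code from ASP or from this page; `AuditLog`, `ActionGate`, the action names and the alert IDs are hypothetical, and all sample values are constructed:

```python
import hashlib
import json

GENESIS = "0" * 64

def _digest(prev: str, event: dict) -> str:
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Append-only decision log; every entry commits to the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "event": event, "hash": _digest(prev, event)})

    def verify(self) -> bool:
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["event"]):
                return False
            prev = entry["hash"]
        return True

class ActionGate:
    """Sits between the analysis stage and the playbook (action) stage."""
    def __init__(self, audit: AuditLog, suggest_only: bool = True):
        self.audit, self.suggest_only, self.executed = audit, suggest_only, []

    def submit(self, alert_id, action, target, rationale, approved_by=None) -> str:
        run = not self.suggest_only and approved_by is not None
        decision = "executed" if run else "suggested"
        # Log before acting, so the decision is recorded even if the action fails.
        self.audit.append({"alert": alert_id, "action": action, "target": target,
                           "rationale": rationale, "approved_by": approved_by, "decision": decision})
        if run:
            self.executed.append((action, target))  # a real playbook call would go here
        return decision

def demo():
    audit = AuditLog()
    gate = ActionGate(audit)  # suggest-only by default: approval alone does not execute
    first = gate.submit("A-1", "isolate_host", "ws-042", "beaconing (constructed)", "analyst1")
    gate.suggest_only = False
    second = gate.submit("A-1", "isolate_host", "ws-042", "beaconing (constructed)", "analyst1")
    third = gate.submit("A-2", "disable_account", "jdoe", "odd logins (constructed)")
    intact = audit.verify()
    audit.entries[0]["event"]["decision"] = "executed"  # simulate after-the-fact tampering
    return first, second, third, gate.executed, intact, audit.verify()
```

Every proposal is logged whether or not it runs, and editing any earlier entry breaks the hash chain that `verify()` checks.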

## Source & Thanks

> Source: https://github.com/FunnyWolf/agentic-soc-platform
> License: MIT
> GitHub stars: 819 · forks: 135

---

Source: https://tokrepo.com/en/workflows/agentic-soc-platform-llm-powered-security-operations

Author: AI Open Source