AiSOC
The SOC, rebuilt for AI agents. Open source.
AiSOC is an open-source, autonomous security operations platform designed for robust threat detection and incident response. Key features include:
• Autonomous alert triage and investigation
• Cloud and identity log analysis
• Auditable Investigation Ledger
• MITRE ATT&CK mapping
• Self-hostable and extensible architecture
The platform streams events from sources such as cloud audit trails, EDR, identity systems and network telemetry over Kafka and correlates them in a single pipeline. Rule-based and behavioral detectors surface threats in near real time, often within seconds of ingestion. Detection-as-code support covers Sigma, KQL, EQL and YAML rules, with inline editing, replay against historical data, and Git-based version control.
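To make the detection-as-code workflow concrete, here is an added example (not AiSOC's own code) of a minimal Sigma-style rule evaluator replayed over historical events. The rule, the CloudTrail-like sample events, the terraform-apply allow-list role and the expected-match list are all constructed for illustration; the rule is written as a Python dict that mirrors the Sigma YAML layout so the example runs without a YAML library.

```python
"""Sigma-style rule replay over historical events (added example, not AiSOC code)."""
from __future__ import annotations

# Constructed rule as a dict mirroring Sigma's YAML layout (no YAML library needed): flag
# CloudTrail being stopped or modified (ATT&CK T1562.008) unless the hypothetical IaC role did it.
RULE = {
    "title": "AWS CloudTrail logging stopped or trail modified",
    "tags": ["attack.defense_evasion", "attack.t1562.008"],
    "logsource": {"product": "aws", "service": "cloudtrail"},
    "detection": {
        "selection": {
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": ["StopLogging", "DeleteTrail", "UpdateTrail"],
        },
        "filter_iac": {"userIdentity.arn|contains": ":assumed-role/terraform-apply/"},
        "condition": "selection and not filter_iac",
    },
}

# Constructed sample events standing in for a slice of historical CloudTrail data.
HISTORICAL_EVENTS = [
    {"eventID": "evt-1", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventID": "evt-2", "eventSource": "cloudtrail.amazonaws.com", "eventName": "UpdateTrail",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/terraform-apply/i-0abc123"}},
    {"eventID": "evt-3", "eventSource": "cloudtrail.amazonaws.com", "eventName": "LookupEvents",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventID": "evt-4", "eventSource": "s3.amazonaws.com", "eventName": "DeleteTrail",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
    {"eventID": "evt-5", "eventSource": "CloudTrail.amazonaws.com", "eventName": "deletetrail",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
]
# Expected hits, committed next to the rule so every change is checked against history.
EXPECTED_MATCHES = ["evt-1", "evt-5"]


def get_field(event: dict, path: str):
    """Resolve a dotted Sigma field name such as userIdentity.arn; None if absent."""
    for part in path.split("."):
        if not isinstance(event, dict) or part not in event:
            return None
        event = event[part]
    return event


def match_value(actual, expected, modifier: str) -> bool:
    """Sigma string matching is case-insensitive; modifier is '' (equals), contains, startswith or endswith."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    return {"": a == e, "contains": e in a, "startswith": a.startswith(e), "endswith": a.endswith(e)}[modifier]


def match_search(event: dict, search: dict) -> bool:
    """All fields of a search block must match (AND); a list of values is an OR."""
    for key, expected in search.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(match_value(get_field(event, field), v, modifier) for v in values):
            return False
    return True


def eval_condition(condition: str, results: dict[str, bool]) -> bool:
    """Evaluate a Sigma condition (and / or / not / parentheses) over search-block results."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()

    def expr() -> bool:  # expr := term ('or' term)*
        value = term()
        while tokens and tokens[0] == "or":
            tokens.pop(0)
            value = term() or value
        return value

    def term() -> bool:  # term := factor ('and' factor)*
        value = factor()
        while tokens and tokens[0] == "and":
            tokens.pop(0)
            value = factor() and value
        return value

    def factor() -> bool:  # factor := 'not' factor | '(' expr ')' | identifier
        tok = tokens.pop(0)
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            if tokens.pop(0) != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        return results[tok]  # KeyError if the identifier has no search block

    value = expr()
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r} in condition")
    return value


def rule_matches(rule: dict, event: dict) -> bool:
    detection = rule["detection"]
    results = {name: match_search(event, block) for name, block in detection.items() if name != "condition"}
    return eval_condition(detection["condition"], results)


def replay(rule: dict, events: list[dict]) -> list[str]:
    """Run the rule over historical events and return the eventIDs it would have alerted on."""
    return [e["eventID"] for e in events if rule_matches(rule, e)]


def regression_test() -> bool:
    """The CI check: does the committed rule still produce exactly the committed expectations?"""
    return replay(RULE, HISTORICAL_EVENTS) == EXPECTED_MATCHES
```

The value of committing EXPECTED_MATCHES beside the rule is that a later edit (say, widening filter_iac) fails regression_test() in CI before it silently suppresses real alerts. The filter also shows the usual trade-off of allow-listing an automation role: anyone who can assume that role can stop logging unseen, so assumption of such roles deserves its own detection.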
At the core of the system is agent-assisted triage: a copilot enriches each alert with threat intelligence, identity context and host telemetry. Every prompt, and the rationale behind every decision, is recorded in a transparent, replayable Investigation Ledger, so the full chain of reasoning can be audited after the fact. An attack graph links identities, hosts and assets to support threat hunting and case management. A public evaluation harness of 200 incidents runs on every code change, so detection and triage quality is validated continuously rather than at release time.
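The page does not say how the Investigation Ledger is stored, so as an added example (not AiSOC's implementation) here is one way to make a replayable ledger tamper-evident: each triage step (prompt, rationale, decision, evidence) is hash-chained to its predecessor, and replay refuses a broken chain. The alert ID, actors, step text and evidence references are constructed; the hash-chain design is this example's choice, not something the page attributes to the project.

```python
"""Hash-chained investigation ledger (added example, not AiSOC's implementation)."""
from __future__ import annotations

import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry


def _digest(entry: dict) -> str:
    """SHA-256 over a canonical JSON encoding, so key order and whitespace cannot change the hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def append_step(ledger: list[dict], *, alert_id: str, actor: str, prompt: str,
                rationale: str, decision: str, evidence: list[str] | None = None) -> dict:
    """Record one triage step; each entry commits to the previous one through prev_hash."""
    entry = {
        "seq": len(ledger),
        "prev_hash": ledger[-1]["hash"] if ledger else GENESIS,
        "alert_id": alert_id,
        "actor": actor,          # "copilot" or a human analyst
        "prompt": prompt,        # the exact prompt (or query) that produced this step
        "rationale": rationale,  # the model's or analyst's stated reasoning
        "decision": decision,
        "evidence": evidence or [],
    }
    entry["hash"] = _digest(entry)
    ledger.append(entry)
    return entry


def verify(ledger: list[dict]) -> int | None:
    """Return the seq of the first entry whose digest or chain link is wrong, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["seq"] != i or entry["prev_hash"] != prev or _digest(entry) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None


def replay(ledger: list[dict]) -> list[tuple[str, str]]:
    """Walk the ledger in order and return (actor, decision) pairs; refuses to replay a broken chain."""
    bad = verify(ledger)
    if bad is not None:
        raise ValueError(f"ledger integrity failure at seq {bad}")
    return [(e["actor"], e["decision"]) for e in ledger]


def build_sample_ledger() -> list[dict]:
    """Two constructed triage steps for a constructed alert ALR-0001."""
    ledger: list[dict] = []
    append_step(ledger, alert_id="ALR-0001", actor="copilot",
                prompt="Enrich ALR-0001 (StopLogging by user/alice) with identity context and threat intel.",
                rationale="Caller is an IAM user, not the IaC pipeline role, and the action disables audit logging.",
                decision="escalate", evidence=["cloudtrail:evt-1", "idp:alice:last_login"])
    append_step(ledger, alert_id="ALR-0001", actor="analyst:jdoe",
                prompt="Review copilot escalation for ALR-0001.",
                rationale="User confirms she did not run StopLogging; treating the access key as compromised.",
                decision="contain", evidence=["cloudtrail:evt-1"])
    return ledger


def tamper_demo() -> int | None:
    """Rewriting a recorded rationale after the fact breaks that entry's digest."""
    ledger = build_sample_ledger()
    ledger[0]["rationale"] = "Routine maintenance, benign."
    return verify(ledger)  # 0


def truncation_demo() -> tuple[bool, bool]:
    """Dropping the newest entry leaves a valid chain; only an out-of-band copy of the head hash catches it."""
    ledger = build_sample_ledger()
    anchored_head = ledger[-1]["hash"]  # published or signed when the step was recorded
    ledger.pop()
    return verify(ledger) is None, ledger[-1]["hash"] == anchored_head  # (True, False)
```

The caveat truncation_demo() exposes is the one practitioners most often miss: a hash chain detects modification and insertion, but not removal of the tail, so the current head hash has to be anchored somewhere the ledger writer cannot rewrite (signed, or copied to a separate append-only store) for "full auditability" to hold. Prompts and rationales also frequently carry sensitive identity and host data, so the ledger needs the same access control as the evidence it references.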
Built for security teams and developers seeking a transparent, flexible, and high-performance security platform, AiSOC is MIT licensed, enabling auditability, forking, and complete self-hosting. It's ideal for organizations that require deep control over their security infrastructure and rigorous validation of detection capabilities.