README.md
May 29, 2026

Agentic SOC Platform
Quick Start · Documentation · SIRP Platform
Agentic SOC Platform is an open-source security operations platform built on Agentic AI — free your security team from alert fatigue and focus on real threats.
Alert Aggregation, 99% Noise Reduction
The Module framework continuously consumes SIEM alerts, automatically extracts IOCs and correlates them — reducing millions of logs to just a handful of actionable cases.
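As an added illustration of the aggregation idea described above (this is example code, not the platform's own Module framework), the snippet below extracts IPv4 addresses, domains and SHA-256 hashes from a few constructed SIEM alerts and merges every alert that shares an IOC with another into a single case, so several raw alerts collapse into a handful of cases:

```python
# Added example (not the platform's own Module framework): extract IOCs from
# constructed SIEM alerts and merge alerts that share an IOC into one case.
import re
from collections import defaultdict

IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|xyz)\b", re.I),
}

def extract_iocs(text):
    """Return the set of (type, value) pairs found in one alert string."""
    return {(kind, m.lower()) for kind, pat in IOC_PATTERNS.items()
            for m in pat.findall(text)}

def correlate(alerts):
    """Union-find over alerts: any two alerts sharing an IOC join one case.

    Returns a list of cases, each {"alerts": [indices], "iocs": set}.
    """
    parent = list(range(len(alerts)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i
    per_alert = [extract_iocs(a) for a in alerts]
    first_seen = {}  # ioc -> index of the first alert that carried it
    for idx, iocs in enumerate(per_alert):
        for ioc in iocs:
            if ioc in first_seen:
                parent[find(idx)] = find(first_seen[ioc])
            else:
                first_seen[ioc] = idx
    cases = defaultdict(lambda: {"alerts": [], "iocs": set()})
    for idx, iocs in enumerate(per_alert):
        root = find(idx)
        cases[root]["alerts"].append(idx)
        cases[root]["iocs"] |= iocs
    return list(cases.values())

# Constructed sample alerts using documentation/private address ranges.
SAMPLE_ALERTS = [
    "Outbound connection from 10.0.0.5 to 203.0.113.7 on port 4444",
    "DNS query for bad-update.example.com from 10.0.0.5",
    "Proxy blocked bad-update.example.com, file sha256 "
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "Repeated SSH failures against 192.0.2.44",
]
```

Running `correlate(SAMPLE_ALERTS)` turns the four alerts into two cases: the first three are chained together by the shared host and domain, while the SSH alert stands alone.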

AI-Powered Investigation, Seconds Not Hours
LLM auto-generates structured investigation reports — verdicts, attack chains, IOCs, and remediation advice in seconds, not hours.

One-Click Automation
Playbooks support one-click execution of case investigation, knowledge extraction, and threat intelligence enrichment — let AI handle the complexity while analysts focus on decisions.

Unified Multi-SIEM Access
Manage ELK, Splunk and other SIEM indices through a single YAML configuration. One API to search across all backends — LLM and analysts never need to worry about the underlying differences.

Automated Threat Intelligence Enrichment
When artifacts are created, threat intelligence providers are queried automatically. Reputation scores, pulse information, and malware context are attached to IOCs to accelerate analyst judgment.

Deep Code Agent Integration
Integrated with Claude Code via the MCP protocol, providing professional security agents and skills — operate cases, search logs, and write modules directly from within an AI agent.

Knowledge Accumulation, Smarter Over Time
Automatically extract reusable security knowledge from closed cases, continuously building an organizational knowledge base that makes future investigations faster and more accurate.

Open Source, Private Deployment, Pure Python
MIT licensed, fully on-premise deployment — your data never leaves your network. Modules, plugins, and playbooks are all plain Python scripts, so there is no technology-stack barrier to extending them.

Official Website
404Starlink
Agentic SOC Platform has joined 404Starlink