MCPcopy Index your code
hub / github.com/FunnyWolf/agentic-soc-platform

github.com/FunnyWolf/agentic-soc-platform @v0.5.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.5.0 ↗ · + Follow
2,050 symbols 6,491 edges 349 files 7 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

cover

Agentic SOC Platform

Quick Start · Learn More · Workspace Features

<a href="https://github.com/funnywolf/agentic-soc-platform/graphs/commit-activity" target="_blank">
    <img alt="Commits last month" src="https://img.shields.io/github/commit-activity/m/funnywolf/agentic-soc-platform?labelColor=%20%2332b583&color=%20%2312b76a"></a>
<a href="https://github.com/funnywolf/agentic-soc-platform/" target="_blank">
    <img alt="Issues closed" src="https://img.shields.io/github/issues-search?query=repo%3Afunnywolf%2Fagentic-soc-platform%20is%3Aclosed&label=issues%20closed&labelColor=%20%237d89b0&color=%20%235d6b98"></a>
<a href="https://github.com/funnywolf/agentic-soc-platform/releases" target="_blank">
    <img alt="Release" src="https://img.shields.io/github/v/release/funnywolf/agentic-soc-platform?style=flat&label=Release&color=limegreen"></a>

README in English 简体中文版自述文件

Agentic SOC Platform is an open-source security operations platform built on Agentic AI, enabling agents to proactively participate in triage, investigation, enrichment, and knowledge accumulation so security teams can move from alert fatigue to AI-assisted decision-making.


Alert Floods, Converged into Actionable Cases

Modules stream SIEM / Webhook alerts, extract IOCs, correlate related signals, and generate Cases, Alerts, and Artifacts so massive log volumes converge into a small number of actionable cases.

Alert Floods, Converged into Actionable Cases

AI-Powered Investigation, Seconds Not Hours

Compress hours of manual analysis into seconds, automatically producing severity, confidence, impact, priority, verdicts, and structured investigation reports.

AI-Powered Investigation, Seconds Not Hours

One Click to Drive Complex Investigations

Launch LLM investigation, knowledge extraction, threat intelligence enrichment, and CMDB enrichment around each Case, orchestrating traditional SOAR workflows and AI analysis in the same Playbook system.

One Click to Drive Complex Investigations

Deep Harness Agent Integration

Expose ASP capabilities to Claude Code / Codex / OpenCode and other Harness Agents through the CLI and plugins, enabling agents to operate Cases, search logs, query threat intelligence, and write modules and playbooks directly.

Deep Harness Agent Integration

Multi-SIEM Access, One Investigation Entry Point

Support Splunk, ELK configuration, unified log search, and Webhook alert ingestion so LLMs, agents, and analysts all work with the same security context.

Multi-SIEM Access, One Investigation Entry Point

Automated Threat Intelligence Enrichment

Automatically enrich IOCs and Artifacts with reputation, pulses, asset, identity, and historical context so every suspicious entity appears with evidence for judgment.

Automated Threat Intelligence Enrichment

Knowledge Accumulation, Smarter Over Time

Extract reusable knowledge from closed Case investigation records, response processes, and discussions, allowing organizational experience to grow with every response.

Knowledge Accumulation

Collaboration, Audit, and Access Control Built In

Local / LDAP login, user roles, API Keys, Inbox notifications, and Audit Log provide foundational governance so security operations no longer depend on fragmented tools.

Collaboration, Audit, and Access Control Built In

Low-Cost Adaptation, Highly Flexible Customization

Use Python Modules to adapt new SIEM rules and alert sources, and use Playbooks to orchestrate LLM analysis and automated actions so the platform grows with your security scenarios.

Low-Cost Adaptation, Highly Flexible Customization

Open Source, Private Deployment, Python & Typescript

MIT licensed, fully local deployment supported. Security data stays inside your network, while the backend, frontend, and extension scripts remain clear and controllable.

Open Source & Private


Official Website

https://asp.viperrtp.com

404Starlink

Agentic SOC Platform has joined 404Starlink

Extension points exported contracts — how you extend this code

RealtimeContextValue (Interface)
(no doc)
frontend/src/realtimeContext.ts
ChoiceOption (Interface)
(no doc)
frontend/src/types/records.ts
ResourceMetadata (Interface)
(no doc)
frontend/src/types/records.ts
MetadataResponse (Interface)
(no doc)
frontend/src/types/records.ts
ResourceFilterConfig (Interface)
(no doc)
frontend/src/types/records.ts

Core symbols most depended-on inside this repo

get
called by 421
backend/apps/common/views.py
column
called by 123
frontend/src/config/resources.tsx
get
called by 113
backend/apps/agent_api/views.py
field
called by 85
frontend/src/config/resources.tsx
get
called by 74
backend/apps/settings/views.py
choiceTag
called by 59
frontend/src/utils/recordDisplay.tsx
value
called by 54
frontend/src/config/resources.tsx
stringValue
called by 39
frontend/src/config/resources.tsx

Shape

Function 1,047
Method 494
Class 355
Interface 130
Route 24

Languages

Python69%
TypeScript31%

Modules by API surface

cli/src/asp_cli/main.py103 symbols
backend/apps/agent_api/views.py81 symbols
backend/integrations/threat_intel/providers.py53 symbols
backend/apps/settings/views.py50 symbols
backend/apps/settings/serializers.py46 symbols
backend/integrations/cmdb/providers.py37 symbols
frontend/src/components/DataTable.tsx36 symbols
frontend/src/pages/Dashboard.tsx34 symbols
frontend/src/components/InvestigationReportView.tsx31 symbols
backend/apps/accounts/views.py30 symbols
frontend/src/components/InlineFieldEditors.tsx27 symbols
backend/apps/settings/models.py27 symbols

For agents

$ claude mcp add agentic-soc-platform \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page