An open-source, self-hostable AI SOC. The agent's prompts, tool calls, and rationale are logged step-by-step and replayable. MIT-licensed.
Live demo · How AiSOC compares · Public eval harness · Deploy in 60 seconds · Deployment options · Architecture · Docs
The demo at tryaisoc.com is a self-hosted instance fronted by a Cloudflare Tunnel — when it's reachable, the stack is running locally on a maintainer's box. It can therefore go offline at any time. To run your own (in 3.5 min, with seeded data), see One-shot demo; to expose your own instance on your own domain via Cloudflare Tunnel, see Public demo on your own domain. The Fly.io demo at tryaisoc.com is the canonical AiSOC instance — the badge above links there.
AiSOC is a single self-hostable stack that ingests security events, correlates them, runs AI-driven investigation, and surfaces the result in a SOC console. The agent and the substrate are MIT-licensed, so you can read, fork, or replace either of them.
Three properties distinguish it from closed-source AI SOC vendors:
main / develop: a 200-incident synthetic dataset drawn from 55 distinct templates drives the MITRE-tactic, investigation-completeness, and response-quality gates (each reporting both a per-case mean and a per-template macro so a single broken template can't hide behind 199 working duplicates); a separately generated 1,000-alert noisy stream drives the alert-reduction gate; and a schema/coverage gate validates synthetic_telemetry.jsonl — the companion corpus of ~360 backing events across 14 log sources (Sysmon, Windows Security, M365 audit, Azure sign-in, CloudTrail, Linux auditd, journald, EDR, DNS, web access, Kubernetes audit, GitHub audit, VPN, DB audit) that connector and Sigma PRs can wire against. Alert reduction is a real measurement against the fixed alert stream; the three rubric-based suites are substrate self-consistency gates over deterministic templates. The benchmark page explains exactly which is which.The orchestrator is a ~600-line LangGraph in services/agents/. It is small enough to read end-to-end, swap models in, and patch.
VERSION is 7.5.0. The v7.5.0 release (2026-06-29) is a v8.0-milestone and trust-readiness release. It tags the AiSOC missing pieces — Phases 1–5 rollup (PR #337; 25 commits, 188 files, +23 743 / -907), the four named v8.0 milestones (T3.7 NL→playbook, T3.8 design system v2 + Storybook, T4 wave-3 marketplace + 6 hardened connectors, T5.3 fidelity loaders), the marketing-shell unification on tryaisoc.com, the threat-actor attribution RBAC + port fix, the realtime short-lived-ticket auth, the boundary-aware KB chunker, the Terraform CI workflow + the three missing reusable infra modules (rds, elasticache, kafka), and a large Dependabot + security sweep — every change that landed on main since 7.4.0. The full inventory lives under [7.5.0] in CHANGELOG.md.
v7.5.0 highlights (June 29, 2026)
- AiSOC missing pieces — Phases 1–5 rollup (PR #337): trust-critical honesty fixes on /sovereign + Features + README, CI matrix expanded to 7 previously-untested Python services (~971 new test signals), coverage gates, real SOAR executors for SentinelOne EDR / PAN-OS / FortiGate / Cloudflare WAF + DNS / Splunk ES / Elastic / MDE / Entra ID / Google Workspace, real CreateTicketExecutor wired to Jira / ServiceNow / PagerDuty, Azure/GCP/Okta/GWS effective-permissions resolvers, managed-mode auto-provision pipeline (infra/fly/managed/), CI-built white-paper PDFs + 90 s Playwright screencast, the deterministic NL → ES|QL / KQL / SPL translator (81-case eval at 100 % syntactic + 100 % semantic), real-browser visual regression, a buyer-journey E2E, and four immutable ADRs (docs/decisions/0001–0004).
- v8.0 milestones — T3.7 NL → playbook generator (#330); T3.8 design system v2 + Storybook (#331, restored DraftFromPromptDialog story in #335, Storybook publicDir fix in #336); T4 wave-3 marketplace + 6 hardened connectors (#333, wave-1 parity hardening in #328); T5.3 AIT-LDS + MITRE Engenuity fidelity loaders (#332).
- Threat-actor attribution — port fix + optional RBAC. The investigation agent's default AISOC_THREATINTEL_URL was http://threatintel:8083; the service binds 8005 — every POST /api/v1/actors/attribute therefore hit a port nothing listens on and silently degraded. Default corrected, docs + AISOC_ATTRIBUTION_TIMEOUT_SECONDS aligned, regression test added (#327). Same release ships an opt-in shared-secret gate on /api/v1/actors/* (#329): when AISOC_THREATINTEL_SERVICE_TOKEN is set, callers must present Authorization: Bearer <token> (constant-time compared, 401 on mismatch); when unset, the legacy unauthenticated behaviour is preserved and a startup warning is logged.
- Marketing-shell unification on tryaisoc.com. Every /(marketing) page plus the standalone /not-found, /why-open-source, and /benchmark routes now renders the same StickyNav + sections/Footer shell; the older simpler LandingNav.tsx and landing/Footer.tsx were deleted, eleven marketing pages had their per-page nav/footer JSX + imports removed, (marketing)/layout.tsx centrally injects the shell, and StickyNav's anchors were absolutised so they resolve identically from the landing page and from any subpage.
- Knowledge-base ingest — boundary-aware chunking with overlap (#321, closes #277). KB ingestion no longer splits mid-sentence or mid-code-fence; the new chunker prefers paragraph / sentence / code-block boundaries and applies a configurable overlap so retrieval doesn't lose context across chunks.
- Realtime — WS/SSE authenticated via short-lived tickets (#246, closes #239). The realtime service's WebSocket and SSE endpoints now require a short-lived signed ticket that the API mints for the authenticated session, closing the unauthenticated fan-out surface that lived between services/realtime and apps/web.
- Infrastructure — Terraform CI + missing core modules. A Terraform workflow gates every change to infra/terraform/** with init/validate/fmt -check (#251). The three reusable modules the AWS and BYOC references were already importing — rds, elasticache, kafka — are now actually present in infra/terraform/modules/ (#252) so a fresh terraform init against the multi-cloud skeletons no longer errors on missing sources.
- Dependency & CI maintenance. ~15 Dependabot landings including next 16.2.7 → 16.2.9, framer-motion 11 → 12.40.0, cryptography updates across services, FastAPI updates in services/{api,actions,agents}, actions/checkout v6 → v7; aiohttp 3.14.1 clears CVE-2026-34993 + CVE-2026-47265 (#295); pnpm audit high/critical findings cleared (#322) so the dep-bump queue could merge; a duplicate @mdx-js/react key that was breaking pnpm install on fresh clones removed (#296).
Previously, in v7.4.0 (May 29, 2026) — security-hardening and platform release that tagged the May 27–29 hardening wave, multi-agent routing, and the multi-cloud infrastructure skeletons that had accumulated on main since 7.3.1. The full inventory lives under [7.4.0] in CHANGELOG.md.
- Security hardening — prompt-injection sanitizer wired into the classification agents; cross-tenant isolation enforced on detection-loop suggestions and the compliance / phishing / knowledge-base endpoints; a nightly cross-tenant RBAC regression gate; cryptography CVEs cleared and CodeQL quality notes resolved.
- Multi-agent routing — DetectAgent.process wired to the FusionEngine over cross-service HTTP; /investigate routed through the RouterOrchestrator behind the ROUTER_INVESTIGATE flag; a Redis-backed scheduler singleton guard for in-process workers.
- Multi-cloud infrastructure — serverless-container Terraform skeletons for GCP (Cloud Run + Cloud SQL + Memorystore) and Azure (Container Apps + PostgreSQL Flexible Server + Cache for Redis), mirroring the AWS/EKS reference file-for-file.
- Live dashboard & landing — real /metrics data restored on tryaisoc.com/dashboard, API/agents machines kept warm so the dashboard no longer 500s, seed timestamps re-anchored so it never goes empty, and the landing CTAs pointed at the live dashboard.
- Dependency & CI maintenance — a large Dependabot sweep across the Python, JS, and Go services plus CI stabilization (Ruff cleanup, OpenAPI export permissions, lockfile dedupe).
Hardening detail folded into v7.4.0 (May 27–28, 2026)
- Security Audit green — cryptography floor raised to 44.0.1 to clear CVE-2024-12797 and later 42.x advisories across services/connectors and services/osquery-tls; advisories without an upstream fix are time-boxed (90-day expiry) in scripts/security_audit_ignores.txt (#229).
- Tenant-isolation fix — detection-loop suggestion lookups are now scoped to the caller's tenant, closing a cross-tenant read path (#221).
- Full stack boots clean — the reserved window column is now quoted and pydantic[email] ships in the image, so docker compose comes up end-to-end without manual patching (#227).
- OpenAPI auto-export unblocked — the spec-export CI job now has contents: write, so the committed OpenAPI document re-syncs on every merge (#228).
- CodeQL quality notes cleared — remaining low-severity CodeQL findings resolved on main (#224).
- Dependency refresh — zod 3 → 4.4.3 (#225), recharts 2 → 3.8.1 (#209), plus a Dependabot sweep across fastapi, uvicorn, pydantic, structlog, openai, weasyprint, strawberry-graphql, prometheus-client, go-chi, turbo, and @types/react.
- Credits — new Credits section thanking contributors and security researchers (#223).
Console workbenches (v1.5 PR-1 → PR-6) — the SOC operator surface is now a workbench, not a list.
- Global time-window selector + topbar context — one selector at the top of the console drives every page (Alerts, Cases, Hunts, Funnel KPIs, Pipeline Health). Persists across reloads, deep-linkable as a URL param.
- Tenant switcher + role badge — MSSP operators flip tenants from the topbar; the role badge makes it impossible to confuse a viewer session with an admin session. New endpoint: GET /api/v1/tenants/me/identity.
- Critical severity tier — the severity ladder is now info | low | medium | high | critical. Vendor-native criticals (Azure 5-tier, GCP SCC, GitHub critical, ServiceNow priority 1, GuardDuty ≥ 8.0, AuditD identity-destruction, K8s cluster-admin, Tailscale tailnet lockdown) map straight through instead of being collapsed into high. Confidence (alert.confidence, 0–100, band low|medium|high)
$ claude mcp add AiSOC \
-- python -m otcore.mcp_server <graph>