explaingit

beenuar/aisoc

Analysis updated 2026-07-03 · repo last pushed 2026-06-30

⭐ Rising · 1,479 stars · Python · Audience: ops/devops · Complexity: 4/5 · Active · License: MIT · Setup: hard

TLDR

AiSOC is a self-hosted AI-powered security operations center that ingests security alerts from your existing tools, correlates and investigates them using AI, and tells your team what actually needs attention.

Mindmap

mindmap
  root((repo))
    What it does
      Ingests security alerts
      AI investigates threats
      Cuts alert noise
    Tech stack
      Python
      LangGraph AI agent
      Web console
    Use cases
      Triage thousands of alerts
      Natural-language threat hunting
      Replay AI investigations
    Audience
      Security analysts
      SOC teams
      Self-hosting organizations
    Notable features
      MIT licensed
      Public benchmark harness
      Zero-dependency simulator
      AI coding assistant integration

What do people build with it?

USE CASE 1

Triage and prioritize thousands of daily security alerts from multiple tools so your team focuses on real threats.

USE CASE 2

Type a threat hypothesis in plain English and get back query code to search your security data.

USE CASE 3

Replay exactly how an AI investigation reached its conclusions using the Investigation Ledger log.

USE CASE 4

Run the zero-dependency simulator to see how AI alert investigation works before setting up full infrastructure.
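The triage use case above hinges on one step the page only names: alerts from different tools arrive in different shapes and must be normalized, enriched and grouped before anyone (or any agent) can rank them. The following is an added example written for this page, not AiSOC's own code. The two vendor formats (an "EDR" alert with hostname/user/sev and an "IdP" alert with device/actor/risk), the severity mapping, the threat-intel table and the scoring rule are all constructed assumptions chosen to show the pattern; a real deployment would map each connector's schema and pull indicators from a feed.

```python
"""Added example (not AiSOC's code): normalize alerts from two tools into one
schema, enrich them against a threat-intel lookup, and correlate them into
prioritized incidents keyed on (host, user)."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
import json

# Constructed sample alerts in two assumed vendor-specific shapes.
RAW_EDR = [
    {"hostname": "WS-042", "user": "jdoe", "sev": "high",
     "remote_ip": "203.0.113.7", "rule": "Credential dumping via LSASS"},
    {"hostname": "WS-042", "user": "jdoe", "sev": "low",
     "remote_ip": "198.51.100.9", "rule": "New scheduled task"},
]
RAW_IDP = [
    {"device": "WS-042", "actor": "jdoe", "risk": 70,
     "src": "203.0.113.7", "event": "Impossible travel sign-in"},
    {"device": "WS-017", "actor": "svc-backup", "risk": 10,
     "src": "192.0.2.5", "event": "Password changed"},
]
# Constructed indicator set; assumed stand-in for a real threat-intel feed.
THREAT_INTEL = {"203.0.113.7": "known C2 infrastructure"}


@dataclass
class Alert:
    source: str
    host: str
    user: str
    severity: int            # common 0-100 scale after normalization
    src_ip: str
    title: str
    intel: str | None = None


def normalize_edr(raw: dict) -> Alert:
    # Assumed mapping of the vendor's text severities onto the common scale.
    sev_map = {"low": 25, "medium": 50, "high": 80, "critical": 100}
    return Alert("edr", raw["hostname"], raw["user"], sev_map[raw["sev"]],
                 raw["remote_ip"], raw["rule"])


def normalize_idp(raw: dict) -> Alert:
    # The IdP already emits a 0-100 risk score, so it maps directly.
    return Alert("idp", raw["device"], raw["actor"], int(raw["risk"]),
                 raw["src"], raw["event"])


def enrich(alert: Alert) -> Alert:
    """Attach a threat-intel match and bump severity when one is found."""
    alert.intel = THREAT_INTEL.get(alert.src_ip)
    if alert.intel:
        alert.severity = min(100, alert.severity + 20)
    return alert


def correlate(alerts: list[Alert]) -> list[dict]:
    """Group alerts on (host, user); independent sources agreeing raises the score."""
    groups: dict[tuple[str, str], list[Alert]] = defaultdict(list)
    for a in alerts:
        groups[(a.host, a.user)].append(a)
    incidents = []
    for (host, user), items in groups.items():
        sources = {a.source for a in items}
        score = max(a.severity for a in items) + 10 * (len(sources) - 1)
        incidents.append({
            "host": host, "user": user, "score": min(100, score),
            "sources": sorted(sources),
            "alerts": [a.title for a in items],
            "intel_hits": sorted({a.intel for a in items if a.intel}),
        })
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


def triage(raw_edr=RAW_EDR, raw_idp=RAW_IDP) -> list[dict]:
    alerts = [enrich(normalize_edr(r)) for r in raw_edr]
    alerts += [enrich(normalize_idp(r)) for r in raw_idp]
    return correlate(alerts)


if __name__ == "__main__":
    for incident in triage():
        print(json.dumps(incident))
```

The point of the (host, user) key is that the "low" scheduled-task alert on its own would be noise, but grouped with an LSASS dump and an impossible-travel sign-in from an address on the intel list it becomes part of the top incident rather than a separate ticket.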

What is it built with?

Python · LangGraph

How does it compare?

                   beenuar/aisoc   vibeforge1111/keep-codex-fast   lightseekorg/tokenspeed
Stars              1,479           1,456                           1,542
Language           Python          Python                          Python
Last pushed        2026-06-30      2026-05-06                      2026-07-03
Maintenance        Active          Maintained                      Active
Setup difficulty   hard            easy                            hard
Complexity         4/5             2/5                             4/5
Audience           ops/devops      developer                       developer

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty: hard · Time to first run: 30 min

Full deployment requires connecting multiple security data sources and infrastructure, though the zero-dependency simulator runs in seconds with no setup.

MIT license: use freely for any purpose, including commercial use, as long as you keep the copyright and license notice.

In plain English

AiSOC is an open-source security operations center powered by AI. It takes incoming security alerts from your existing tools, correlates them, and uses an AI agent to investigate whether they represent a real threat. The core benefit is that it helps security teams cut through alert noise and figure out what actually needs attention, all running on your own infrastructure rather than a vendor's cloud.

At a high level, the system ingests security events from dozens of common sources such as endpoint protection, cloud providers and identity systems. Those events flow through a pipeline that normalizes them into a common schema and enriches them with threat intelligence. An AI agent built on the LangGraph framework then takes over: it reasons through the alerts, pulls evidence via tool calls, and produces a narrative investigation you can read in a web console. What stands out is that every step the agent takes (its prompts, tool calls and reasoning) is logged in what the project calls an Investigation Ledger, so you can replay exactly how it reached its conclusions and audit them after the fact.

The intended users are security analysts and SOC teams, especially at organizations that want to self-host their security tooling rather than send data to a third-party SaaS. If your team is drowning in thousands of alerts a day from various tools, this could help triage and prioritize them. It also includes a natural-language hunt feature: an analyst types a hypothesis in plain English and gets back query code to search their data.

A few things make this project notable. It is fully MIT-licensed, so you can read, modify or replace any part of it. The project runs a public benchmark harness on every code change to measure whether alert accuracy is improving or regressing, which is unusual transparency for a security tool. It ships with a zero-dependency simulator you can run in seconds to see how the AI investigation funnel works without setting up any infrastructure. Finally, it integrates with AI coding assistants such as Claude and Cursor, so analysts can query alerts and replay investigations directly from their development environment.
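The Investigation Ledger described above is the property a practitioner would want to verify: an investigation is only replayable if every non-deterministic input (the tool results the agent saw) was recorded, and only auditable if a replay detects when the agent would now take a different path. The following is an added example written for this page to show that pattern; it is not AiSOC's ledger implementation and does not use LangGraph. The alert, the two tool backends (`ip_reputation`, `process_lookup`), the JSON Lines layout and the rule-based `investigate()` function standing in for the LLM reasoning loop are all constructed assumptions.

```python
"""Added example (not AiSOC's Investigation Ledger): an append-only ledger that
records every prompt, tool call, tool result, reasoning step and verdict of an
investigation, then replays the investigation from the ledger without
re-running any tool, failing loudly if the agent diverges from the record."""
from __future__ import annotations
import json
from typing import Callable

# Constructed alert and constructed tool backends (assumptions; a real agent
# would call an LLM and live data sources).
ALERT = {"id": "a-1", "host": "WS-042", "user": "jdoe", "src_ip": "203.0.113.7",
         "process": "rundll32.exe comsvcs.dll MiniDump"}
TOOLS: dict[str, Callable[[str], dict]] = {
    "ip_reputation": lambda ip: {"ip": ip, "malicious": ip == "203.0.113.7"},
    "process_lookup": lambda p: {"process": p,
                                 "technique": "T1003.001" if "MiniDump" in p else None},
}


class Ledger:
    """Append-only list of step records, serializable as JSON Lines."""
    def __init__(self, entries=None):
        self.entries = list(entries or [])

    def append(self, kind: str, **payload) -> None:
        self.entries.append({"step": len(self.entries), "kind": kind, **payload})

    def dumps(self) -> str:
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)

    @classmethod
    def loads(cls, text: str) -> "Ledger":
        return cls(json.loads(line) for line in text.splitlines() if line)


class ToolRunner:
    """Live mode executes tools and records them; replay mode serves the recorded
    results and refuses to continue if the agent asks for a call the ledger lacks."""
    def __init__(self, ledger: Ledger, replay_from: Ledger | None = None):
        self.ledger = ledger
        self.replaying = replay_from is not None
        self.recorded = [e for e in (replay_from.entries if replay_from else [])
                         if e["kind"] in ("tool_call", "tool_result")]

    def call(self, name: str, arg: str) -> dict:
        self.ledger.append("tool_call", tool=name, arg=arg)
        if self.replaying:
            if not self.recorded:
                raise RuntimeError(f"replay divergence: unrecorded call {name}({arg!r})")
            call, result_entry = self.recorded.pop(0), self.recorded.pop(0)
            if (call["tool"], call["arg"]) != (name, arg):
                raise RuntimeError(
                    f"replay divergence at step {call['step']}: expected "
                    f"{call['tool']}({call['arg']!r}), got {name}({arg!r})")
            result = result_entry["result"]
        else:
            result = TOOLS[name](arg)
        self.ledger.append("tool_result", tool=name, result=result)
        return result


def investigate(alert: dict, runner: ToolRunner, ledger: Ledger) -> str:
    """Deterministic rule-based stand-in for the LLM reasoning loop (assumption)."""
    ledger.append("prompt", text=f"Investigate alert {alert['id']} on "
                                 f"{alert['host']} for {alert['user']}")
    rep = runner.call("ip_reputation", alert["src_ip"])
    proc = runner.call("process_lookup", alert["process"])
    reasons = []
    if rep["malicious"]:
        reasons.append(f"{alert['src_ip']} is a known malicious address")
    if proc["technique"]:
        reasons.append(f"process matches ATT&CK {proc['technique']}")
    verdict = ("true_positive" if len(reasons) >= 2
               else "needs_review" if reasons else "benign")
    ledger.append("reasoning", reasons=reasons)
    ledger.append("verdict", verdict=verdict)
    return verdict


def run_live(alert: dict = ALERT) -> tuple[str, Ledger]:
    ledger = Ledger()
    return investigate(alert, ToolRunner(ledger), ledger), ledger


def replay(ledger_text: str, alert: dict = ALERT) -> tuple[str, bool]:
    """Re-run the investigation from a stored ledger; second value is True when
    the replay reproduced the original record byte for byte."""
    original = Ledger.loads(ledger_text)
    fresh = Ledger()
    verdict = investigate(alert, ToolRunner(fresh, replay_from=original), fresh)
    return verdict, fresh.dumps() == original.dumps()


if __name__ == "__main__":
    verdict, ledger = run_live()
    print(verdict)
    print(ledger.dumps())
    print(replay(ledger.dumps()))
```

Two design choices carry the security value. Tool results are stored in the ledger rather than re-fetched, so a replay months later gives the same answer even after the reputation feed has changed, which is what makes the record usable as evidence. And the runner compares each replayed call against the record instead of silently executing it, so a changed prompt, model or alert that would alter the investigation path is surfaced as a divergence rather than hidden.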

Copy-paste prompts

Prompt 1
I want to self-host an AI security operations center that ingests alerts from my endpoint protection and cloud provider tools. Help me set up AiSOC and configure it to receive alerts from my existing security stack.
Prompt 2
I am drowning in security alerts. Help me use AiSOC's natural-language hunt feature to write a hypothesis about a potential lateral movement threat and generate the query code to search my data.
Prompt 3
Show me how to run the AiSOC zero-dependency simulator so I can see how the AI investigation funnel works before committing to a full deployment.
Prompt 4
Help me integrate AiSOC with Claude or Cursor so my analysts can query alerts and replay investigations directly from their development environment.

Frequently asked questions

What is aisoc?

AiSOC is a self-hosted AI-powered security operations center that ingests security alerts from your existing tools, correlates and investigates them using AI, and tells your team what actually needs attention.

What language is aisoc written in?

Mainly Python, with the AI agent built on LangGraph.

Is aisoc actively maintained?

Active — commit in last 30 days (last push 2026-06-30).

What license does aisoc use?

Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

How hard is aisoc to set up?

Setup difficulty is rated hard, with roughly 30 min to a first successful run of a full deployment; the zero-dependency simulator runs in seconds.

Who is aisoc for?

Mainly ops/DevOps teams: security analysts and SOC teams, especially at organizations that self-host their security tooling.



Verify against the repo before relying on details.