Analysis updated 2026-07-03 · repo last pushed 2026-06-30
Triage and prioritize thousands of daily security alerts from multiple tools so your team focuses on real threats.
Type a threat hypothesis in plain English and get back query code to search your security data.
Replay exactly how an AI investigation reached its conclusions using the Investigation Ledger log.
Run the zero-dependency simulator to see how AI alert investigation works before setting up full infrastructure.
| | beenuar/aisoc | vibeforge1111/keep-codex-fast | lightseekorg/tokenspeed |
|---|---|---|---|
| Stars | 1,479 | 1,456 | 1,542 |
| Language | Python | Python | Python |
| Last pushed | 2026-06-30 | 2026-05-06 | 2026-07-03 |
| Maintenance | Active | Maintained | Active |
| Setup difficulty | hard | easy | hard |
| Complexity | 4/5 | 2/5 | 4/5 |
| Audience | ops/devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Full deployment requires connecting multiple security data sources and infrastructure, though the zero-dependency simulator runs in seconds with no setup.
AiSOC is an open-source security operations center powered by AI. It takes incoming security alerts from your existing tools, correlates them, and uses an AI agent to investigate whether they represent a real threat. The core benefit is that it helps security teams cut through alert noise and figure out what actually needs attention, all running on your own infrastructure rather than a vendor's cloud.

At a high level, the system ingests security events from dozens of common sources like endpoint protection, cloud providers, and identity systems. Those events flow through a pipeline that normalizes and enriches them with threat intelligence. Then an AI agent built on a framework called LangGraph takes over, reasoning through the alerts, pulling evidence, and producing a narrative investigation you can read in a web console. What stands out is that every step the AI takes, its prompts, tool calls, and reasoning, gets logged in what the project calls an Investigation Ledger, so you can replay exactly how it reached its conclusions.

The people who would use this are security analysts and SOC teams, especially at organizations that want to self-host their security tooling rather than send data to a third-party SaaS. For example, if your team is drowning in thousands of alerts a day from various tools, this could help triage and prioritize them. It also includes a natural-language hunt feature where an analyst can type a hypothesis in plain English and get back query code to search their data.

A few things make this project notable. It is fully MIT-licensed, meaning you can read, modify, or replace any part of it. The project runs a public benchmark harness on every code change to measure whether alert accuracy is improving or regressing, which is unusual transparency for a security tool. It also ships with a zero-dependency simulator you can run in seconds to see how the AI investigation funnel works without setting up any infrastructure. Finally, it integrates with AI coding assistants like Claude and Cursor, so analysts can query alerts and replay investigations directly from their development environment.
AiSOC is a self-hosted AI-powered security operations center that ingests security alerts from your existing tools, correlates and investigates them using AI, and tells your team what actually needs attention.
Mainly Python. The stack also includes LangGraph.
Active — commit in last 30 days (last push 2026-06-30).
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated hard, with roughly 30 minutes to a first successful run.
Mainly ops/devops.
Verify against the repo before relying on details.