A modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, builds RAG-based behavioral memory, and validates real-time anomalies using LLMs.
Find relevant incidents, logs, events, and alerts related to all of your incidents. [Attack Flows, Attack Chains, & Root Cause Discovery - NO LLMs, NO Queries, Just Explainable Machine Learning] >> Use it for free here: https://app.cypienta.io
Agentic memory for CTI in Python — STIX knowledge graphs, threat-actor alias resolution, offline-first RAG, MCP server for Claude Code and LangChain agents
Blackhat 2025 presentation and codebase: AI SOC agent & MCP server for automated security investigation, alert triage, and incident response. Integrates with ELK, IRIS, and other platforms.
An extensible, deterministic static-analysis engine that extracts high-signal IOCs from PE binaries and text, built for SOC automation and modern threat-analysis pipelines.
ICS Incident Response Automation Framework: a Python framework for executing automated incident response playbooks in ICS/SCADA environments. Supports network isolation, forensic preservation, logic restoration, and safety system interventions. Designed for defenders, researchers, and red team simulations in operational technology networks.
Autonomous agentic threat hunting playbook executor for SOC/DFIR pros. Runs YAML playbooks against forensic logs with local LLMs (Ollama) for intelligent correlation, triage, ATT&CK mapping, and automated reporting. Offline-first, DuckDB-powered.
Rust stream processing engine for real-time detection. Open-source Apache Flink alternative built for detection engineering, fraud prevention, and MITRE ATT&CK coverage. 1.5M events/sec, single 15MB binary, no JVM.
Open-source SOC system that monitors your Linux server in real-time, automatically detects and blocks threats using Groq AI and Telegram Bot integration.
OpenSOC-AI: Lightweight SOC automation using TinyLlama and LoRA to analyze security logs, classify threats, map MITRE ATT&CK techniques, and generate severity and remediation.
Enterprise-style SOC Detection & Response lab built using Wazuh SIEM, featuring MITRE ATT&CK aligned detections, alert triage, and evidence-based investigations across Windows and Linux endpoints.