securityclaw-autonomous-soc-agent
Official
Autonomous SOC monitoring with LLM threat triage
Author: Aradotso
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Security teams need continuous detection and investigation across security log data, but manual triage and analyst workflows cannot keep up with fast-changing threats and noisy alerts.
Core Features & Use Cases
- RAG-based behavioral memory: Builds and queries embeddings of normal network behavior stored in OpenSearch/Elasticsearch for contextual detection.
- LLM anomaly analysis: Uses LLM validation to analyze anomalies with retrieved context and produce investigation-ready outputs.
- LangGraph orchestrated SOC automation: Runs a DECIDE→EXECUTE→EVALUATE supervisor loop with conversation-based investigations and checkpointing.
- Operational interfaces: Provides both CLI and a web UI/API to support real-time threat analysis and automation.
- Provider flexibility: Supports either OpenSearch or Elasticsearch as the backing store, and Ollama or other LLM providers for analysis.
Example use case
Monitor OpenSearch indices for near-real-time network anomalies, retrieve baseline context for the involved events, and automatically generate an analyst-style threat triage and investigation plan.
Quick Start
Deploy the SecurityClaw service by running the following command from the project directory: python main.py service
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: securityclaw-autonomous-soc-agent Download link: https://github.com/Aradotso/security-skills/archive/main.zip#securityclaw-autonomous-soc-agent Please download this .zip file, extract it, and install it in the .claude/skills/ directory.