AI-Powered External Attack Surface Management

OASM Assistant is an AI-powered security platform that automates external attack surface management using multi-agent architecture with LangGraph.

• 🤖 Multi-Agent AI System - Specialized agents for security tasks
  • Threat Intelligence Agent - IOC correlation, attack prediction, threat monitoring
  • Analysis Agent - Vulnerability assessment, compliance checking (OWASP, CWE, PCI-DSS, ISO 27001, etc)
  • Incident Responder Agent - Attack detection, automated response, forensic analysis
  • Orchestrator Agent - Workflow coordination, natural language interface
• 🔍 Threat Intelligence - Real-time monitoring and analysis
• 🛡️ Vulnerability Management - Automated scanning and prioritization
• 📊 Compliance Checking - OWASP, CWE, PCI-DSS, ISO 27001, etc
• ⚡ Incident Response - Automated detection and response
• 🔧 Utility Tools - Domain Classifier, Nuclei Template Generator, Issue Resolver

# Clone repository
git clone https://github.com/oasm-platform/oasm-assistant.git
cd oasm-assistant

# Configure
cp .env.example .env
nano .env # Edit environment variables

# Start services
docker compose up -d oasm-assistant-postgresql oasm-assistant-app oasm-assistant-searxng oasm-assistant-ollama

# Pull model for Ollama (if using Ollama LLM)
docker exec -it oasm-assistant-ollama ollama pull llama3

📖 Detailed Installation Guide

Intelligent automation layer built on top of OASM Platform

Components:

• Multi-Agent System - Threat Intel • Analysis • Incident Response • Orchestrator
• LLM Providers - Local (Ollama, vLLM, SGLang) • Cloud (OpenAI, Claude, Gemini)
• AI Tools - RAG System (pgvector) • SearXNG • Domain Classifier • Nuclei Generator • Issue Resolver

Integration:

• gRPC - High-performance communication with Core API
• MCP Protocol - Real-time asset context and knowledge retrieval
• PostgreSQL - Vector search for RAG (Retrieval Augmented Generation)

Central platform for external attack surface management → View Core Platform

Components:

• Web Console - Management dashboard
• Core API & MCP Server - REST, gRPC, MCP protocols
• Database - PostgreSQL, Redis, Kafka
• Distributed Workers - Security scanning execution

External Resources:

• Internet/Attack Surface - Target systems
• Knowledge Base - Nuclei Templates, OWASP, MITRE ATT&CK, etc

• Installation Guide - Docker setup, GPU configuration
• Configuration Guide - Environment variables, provider setup
• LLM Deployment - Complete LLM & embedding setup

• Architecture (coming soon)
• API Reference (coming soon)
• Development Guide (coming soon)

• AI Framework: LangGraph, LangChain
• LLM Providers: Ollama, vLLM, SGLang, OpenAI, Anthropic, Google
• RAG: pgvector (vector search), BM25 (keyword search)
• Communication: gRPC, MCP (Model Context Protocol)
• Storage: PostgreSQL with pgvector extension

MIT License - see LICENSE file.

For defensive security only. Use only on systems you own or have permission to test.

Built by Team OASM-Platform • Documentation • Issues