Thanks to visit codestin.com
Credit goes to github.com

Skip to content

nbajpai-code/agenticSOC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

78 Commits
.github/workflows
.github/workflows
 
 
papers
papers
 
 
red
red
 
 
soc
soc
 
 
talks
talks
 
 
AGENTIC_SOC_MARKET_REPORT.md
AGENTIC_SOC_MARKET_REPORT.md
 
 
AI_AGENTS_MARKET_RESEARCH.md
AI_AGENTS_MARKET_RESEARCH.md
 
 
AI_Driven_Network_and_Application_Security.md
AI_Driven_Network_and_Application_Security.md
 
 
CHATGPT_THREAT_INTEL_PROMPTS.md
CHATGPT_THREAT_INTEL_PROMPTS.md
 
 
CISO_TALKS.md
CISO_TALKS.md
 
 
CYBERSECURITY_FRAMEWORKS.md
CYBERSECURITY_FRAMEWORKS.md
 
 
CYBERSECURITY_FRONTIERS.md
CYBERSECURITY_FRONTIERS.md
 
 
Computational_Intelligence_Cybersecurity_Frameworks.md
Computational_Intelligence_Cybersecurity_Frameworks.md
 
 
DATABRICKS_BLACKICE.md
DATABRICKS_BLACKICE.md
 
 
OWASP_AIVSS.md
OWASP_AIVSS.md
 
 
PICARD_FRAMEWORK.md
PICARD_FRAMEWORK.md
 
 
README.md
README.md
 
 
RESEARCH_PAPERS.md
RESEARCH_PAPERS.md
 
 
SECURITY_CERTIFICATIONS.md
SECURITY_CERTIFICATIONS.md
 
 
SECURITY_SCANNERS.md
SECURITY_SCANNERS.md
 
 
SECURITY_WEEK_SUMMARY.md
SECURITY_WEEK_SUMMARY.md
 
 
TELECOM_SECURITY_PROTOCOLS.md
TELECOM_SECURITY_PROTOCOLS.md
 
 
THREAT_INTELLIGENCE_PLATFORMS.md
THREAT_INTELLIGENCE_PLATFORMS.md
 
 
THREAT_MODELING_FRAMEWORKS.md
THREAT_MODELING_FRAMEWORKS.md
 
 
YARA_RULES_LLM_SECURITY.md
YARA_RULES_LLM_SECURITY.md
 
 
industry.md
industry.md
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 
state_of_ai_agent_security_report_pdf_2026.pdf
state_of_ai_agent_security_report_pdf_2026.pdf
 
 
tools.md
tools.md
 
 
unlocking-enterprise-ai.pdf
unlocking-enterprise-ai.pdf
 
 

Repository files navigation

Agentic SOC Reference Architecture

This repository contains a reference implementation of an Agentic Security Operations Center (SOC) using LangChain and LangGraph.

It demonstrates a multi-agent workflow where specialized AI agents collaborate to handle security alerts:

  1. Triage Agent: Analyzes raw alerts to determine severity and validity.
  2. Investigation Agent: Gathers context using (mock) security tools like SIEM logs and Threat Intel.
  3. Response Agent: Proposes remediation actions based on the investigation.

Architecture

graph TD
    Start([Alert In]) --> Triage
    Triage -- "False Positive" --> End([End w/ Note])
    Triage -- "Incident" --> Investigation
    Investigation --> Response
    Response --> End
Loading

Features

  • Stateful Workflow: Uses LangGraph to maintain context (alert data, investigation findings) across agent steps.
  • Mock Tools: Includes simulated tools for search_logs, virustotal_lookup, and firewall_block_ip to demonstrate tool use without needing live API keys.
  • Extensible: Designed to be easily adapted to real integrations (Splunk, Microsoft Sentinel, etc.).

Setup

  1. Clone the repository.
  2. Install dependencies: 
    pip install -r requirements.txt
  3. Run the demo: 
    python main.py

Project Structure

  • main.py: Entry point for the simulation.
  • soc/: Core package.
    • graph.py: Defines the LangGraph workflow.
    • state.py: Defines the shared application state.
    • agents/: Agent implementations (prompts and logic).
    • tools/: Tool definitions.

EC COUNCIL GITHUB

LANGSMITH HUB

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages