socprime: AI-driven cybersecurity detection and enrichment platform
DetectFlow, detection intelligence turbocharged with AI, addresses slow cyberattack detection by enabling line-speed analysis using AI trained on extensive historical data. It targets security operations teams and engineers, offering sub-second Mean Time To Detect (MTTD) and shifting daily work from SIEM tuning to comprehensive detection orchestration across diverse data pipelines.
How It Works
This project utilizes Apache Flink for real-time stream processing and Apache Kafka for data ingestion. It tags events in-flight with metadata from Sigma detection rules, sourced optionally from the SOC Prime Platform or GitHub repositories, before they reach SIEMs. This approach allows for sub-second MTTD, scales rule capacity by 10x on existing infrastructure, and operates without requiring changes to the current SIEM ingestion architecture.
Quick Start & Requirements
Highlighted Details
Maintenance & Community
The provided README does not detail community channels (e.g., Discord, Slack), notable contributors, sponsorships, or a public roadmap. It mentions integration with the SOC Prime Platform for rule synchronization.
Licensing & Compatibility
Limitations & Caveats
Deployment demands significant Kubernetes and infrastructure expertise. The system comprises multiple interdependent services (Backend, UI, MatchNode, Schema Parser). Optional features like cloud rule synchronization necessitate internet access and API keys.