Discover and explore top open-source AI tools and projects—updated daily.
SecurityClawAutonomous SOC agent for real-time threat detection
Top 99.8% on SourcePulse
SecurityClaw is an autonomous Security Operations Center (SOC) agent designed to automate threat detection, investigation, and response. It addresses the challenge of real-time security data analysis by leveraging a modular, skill-based architecture, RAG-powered memory, and LLM-driven anomaly validation, providing security teams with an intelligent, agentic framework for proactive defense.
How It Works
SecurityClaw employs a modular, skill-based design where capabilities are isolated folders containing Python logic and LLM instructions. It utilizes a RAG-based approach, storing vector embeddings of network behavior in OpenSearch/Elasticsearch to build a contextual memory. Orchestration is handled by LangGraph, implementing a DECIDE→EXECUTE→EVALUATE loop, while manifest-grounded planning ensures supervisor actions align with declared skill contracts, enhancing reliability and maintainability. A heartbeat scheduler manages background tasks like anomaly watching and memory building.
Quick Start & Requirements
qwen2.5:7b-instruct-q4_K_M, nomic-embed-text:latest).pip install -r requirements.txt..venv/bin/python main.py onboard to configure database, LLM, and API settings..venv/bin/python main.py service to launch the web UI, API, and scheduler, or .venv/bin/python main.py run for CLI/background operation.ONBOARDING.md.Highlighted Details
logic.py, instruction.md) for easy management and extension.Maintenance & Community
The README does not detail specific contributors, sponsorships, or community channels (e.g., Discord, Slack). Areas for enhancement are listed under "Contributing," suggesting active development focus.
Licensing & Compatibility
The provided README does not specify a software license. This omission presents a significant adoption blocker, as the terms for use, modification, and distribution are unclear. Compatibility with commercial or closed-source applications is undetermined without a license.
Limitations & Caveats
Several skills are marked as "In-Progress" and require active validation or refactoring, including anomaly_triage, forensic_examiner, and baseline_querier. Enhancements such as advanced MITRE ATT&CK mapping, improved RAG context parsing, and multi-tenant support are noted as future development areas. The absence of a defined software license is a critical limitation for adoption.
3 weeks ago
Inactive
aliasrobotics