Skip to content

Open-source / Private / Agent-ready

Agentic SOC Platform

Converge alerts into Cases, and let analysts, LLMs, Playbooks, and Harness Agents investigate, enrich, respond, and capture knowledge in one workspace.

Case workspace Python customization Harness Agent
Agentic SOC Platform workspace preview

Workflow

Security operations loop

ASP connects the work usually split across SIEM, SOAR, threat intelligence, and knowledge systems into one traceable workflow.

01Alert intakeSIEM / Webhook
02Case triageCorrelate and prioritize
03AI investigationDraft reports and verdicts
04Playbook automationEnrich and act
05Reusable knowledgeCapture what worked
01Signal intake

Turn alert floods into actionable cases

Modules stream SIEM / Webhook alerts, extract IOCs, correlate context, and create cases, alerts, and artifacts so raw logs become triageable and reviewable security events.

Explore Case workspace
Turn alert floods into actionable cases
02AI investigation

Generate investigation reports with AI

ASP gathers alerts, entities, logs, and enrichment results around a case, then outputs severity, confidence, impact, priority, verdicts, attack chains, and remediation guidance as a reviewable investigation report.

Learn about investigations
Generate investigation reports with AI
03Playbooks

Push complex investigations forward with one click

Run LLM investigations, knowledge extraction, threat intelligence enrichment, and CMDB enrichment around each case, combining SOAR-style workflows, AI analysis, and human decisions.

Explore Playbooks
Push complex investigations forward with one click
04Agent ecosystem

Bring Harness Agents into SOC workflows

Expose ASP capabilities to Harness Agents through asp-cli and Skills so Harness Agents can operate cases, search logs, query threat intelligence, and write modules or playbooks.

See Skills
Bring Harness Agents into SOC workflows
05Unified data

Use one investigation entry point for multiple SIEMs

Manage Splunk, ELK, and index actions through YAML configuration. Analysts, LLMs, and Harness Agents use one search interface without caring about backend query differences.

Learn SIEM YAML
Use one investigation entry point for multiple SIEMs
06Enrichment

Attach threat context to every suspicious entity

Automatically enrich IOCs and artifacts with reputation, pulses, asset context, identity context, and historical evidence so every entity enters the investigation with supporting context.

Explore Enrichment
Attach threat context to every suspicious entity
07Knowledge loop

Accumulate reusable knowledge from every response

Extract reusable knowledge from closed cases, investigation notes, remediation steps, and discussions to build an organizational security knowledge base that improves future responses.

Explore Knowledge
Accumulate reusable knowledge from every response
08Governance

Built-in collaboration, audit, and access control

Local / LDAP login, user roles, API keys, Inbox notifications, and Audit Log provide the governance layer needed for collaboration, accountability, and automation access.

Explore Audit Log
Built-in collaboration, audit, and access control
09Customization

Adapt quickly with Python modules and playbooks

Use Python modules to adapt new SIEM rules and alert sources, then orchestrate LLM analysis and automated actions with playbooks so the platform grows with your security scenarios.

View module examples
Adapt quickly with Python modules and playbooks
10Deployment

Open source, private, Python & TypeScript

MIT licensed and designed for on-premise deployment, ASP keeps security data inside your network while keeping backend, frontend, extension scripts, and deployment flows clear for customization.

View deployment options
Open source, private, Python & TypeScript