Turn alert floods into actionable cases
Modules stream SIEM / Webhook alerts, extract IOCs, correlate context, and create cases, alerts, and artifacts so raw logs become triageable and reviewable security events.
Explore Case workspace →
Open-source / Private / Agent-ready
Converge alerts into Cases, and let analysts, LLMs, Playbooks, and Harness Agents investigate, enrich, respond, and capture knowledge in one workspace.

Workflow
ASP connects the work usually split across SIEM, SOAR, threat intelligence, and knowledge systems into one traceable workflow.
Modules stream SIEM / Webhook alerts, extract IOCs, correlate context, and create cases, alerts, and artifacts so raw logs become triageable and reviewable security events.
Explore Case workspace →
ASP gathers alerts, entities, logs, and enrichment results around a case, then outputs severity, confidence, impact, priority, verdicts, attack chains, and remediation guidance as a reviewable investigation report.
Learn about investigations →
Run LLM investigations, knowledge extraction, threat intelligence enrichment, and CMDB enrichment around each case, combining SOAR-style workflows, AI analysis, and human decisions.
Explore Playbooks →
Expose ASP capabilities to Harness Agents through asp-cli and Skills so Harness Agents can operate cases, search logs, query threat intelligence, and write modules or playbooks.
See Skills →
Manage Splunk, ELK, and index actions through YAML configuration. Analysts, LLMs, and Harness Agents use one search interface without caring about backend query differences.
Learn SIEM YAML →
Automatically enrich IOCs and artifacts with reputation, pulses, asset context, identity context, and historical evidence so every entity enters the investigation with supporting context.
Explore Enrichment →
Extract reusable knowledge from closed cases, investigation notes, remediation steps, and discussions to build an organizational security knowledge base that improves future responses.
Explore Knowledge →
Local / LDAP login, user roles, API keys, Inbox notifications, and Audit Log provide the governance layer needed for collaboration, accountability, and automation access.
Explore Audit Log →
Use Python modules to adapt new SIEM rules and alert sources, then orchestrate LLM analysis and automated actions with playbooks so the platform grows with your security scenarios.
View module examples →
MIT licensed and designed for on-premise deployment, ASP keeps security data inside your network while keeping backend, frontend, extension scripts, and deployment flows clear for customization.
View deployment options →