{"id":31764081,"url":"https://github.com/funnywolf/ai-soc-framework","last_synced_at":"2025-10-09T23:42:29.578Z","repository":{"id":315064135,"uuid":"1052094299","full_name":"FunnyWolf/ai-soc-framework","owner":"FunnyWolf","description":"An LLM-based alert analysis framework that builds security agents in a modular way to analyze alerts","archived":false,"fork":false,"pushed_at":"2025-09-24T13:53:01.000Z","size":366,"stargazers_count":9,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-09-24T15:35:04.723Z","etag":null,"topics":["blueteam","cybersecurity","dify","langchain","langgraph","llm"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FunnyWolf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-07T11:49:34.000Z","updated_at":"2025-09-24T13:53:05.000Z","dependencies_parsed_at":"2025-09-16T14:40:38.177Z","dependency_job_id":"85cef151-bd0d-4b44-a6fd-ae1e7d695b60","html_url":"https://github.com/FunnyWolf/ai-soc-framework","commit_stats":null,"previous_names":["funnywolf/ai-soc-framework"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/FunnyWolf/ai-soc-framework","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FunnyWolf%2Fai-soc-framework","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FunnyWolf%2Fai-soc-framework/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FunnyWolf%2Fai-soc-framework/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FunnyWolf%2Fai-soc-framework/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FunnyWolf","download_url":"https://codeload.github.com/FunnyWolf/ai-soc-framework/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FunnyWolf%2Fai-soc-framework/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002305,"owners_count":26083341,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","cybersecurity","dify","langchain","langgraph","llm"],"created_at":"2025-10-09T23:42:26.439Z","updated_at":"2025-10-09T23:42:29.573Z","avatar_url":"https://github.com/FunnyWolf.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AI SOC Framework (ASF)\n\nAn AI-agent-based SOC automation framework. Flexible, powerful, deployable on-premises.\n\n## Features\n\n- Alert pipeline based on Webhook + Redis Stream, supporting mainstream SIEM platforms\n- AI Agent module templates for Langchain/Langgraph/Dify and other frameworks, for rapid development of Pre Automation/Post Automation modules\n- Built-in, full-featured ticketing platform (AI SOAR) supporting the Artifact-\u003eAlert-\u003eCase security alert data model\n- AI SOAR includes simple, easy-to-use alert aggregation with default and custom rules\n- The framework code is written entirely in Python and is easy to extend and customize\n\n### AI SOAR Dashboard\n\n![img.png](Static/img.png)\n\n![img_1.png](Static/img_1.png)\n\n### AI SOAR Case Table\n\n![img_2.png](Static/img_2.png)\n\n![img_3.png](Static/img_3.png)\n\n![img_4.png](Static/img_4.png)\n\n![img_5.png](Static/img_5.png)\n\n### AI SOAR Alert Table\n\n![img_6.png](Static/img_6.png)\n\n![img_7.png](Static/img_7.png)\n\n![img_8.png](Static/img_8.png)\n\n![img_9.png](Static/img_9.png)\n\n### AI SOAR Artifact Table\n\n![img_10.png](Static/img_10.png)\n\n![img_11.png](Static/img_11.png)\n\n### Redis Alert Stream\n\n![img_12.png](Static/img_12.png)\n\n## Why use ASF \u0026 what problems ASF solves\n\n- Limited budget/resources, so a commercial SOAR product cannot be purchased\n\n\u003e ASF is fully open source and free, and supports integration with the community edition of ELK (SIEM); an organization only needs basic security devices and log collection capability to build a complete SOC infrastructure\n\n- No security-related data may leave the corporate intranet\n\n\u003e All ASF components (AI SOAR/Redis Stack/Module Framework) can be deployed on-premises, and a local LLM can be deployed via vllm/ollama or similar, providing fully local AI Agent capability\n\n- Heavy customization requirements for ticket management, including but not limited to custom UI, custom workflows, custom data models and data reports\n\n\u003e ASF's AI SOAR is built on [Nocoly](https://www.nocoly.com/), so custom UI changes, custom workflows and custom reports can be implemented without writing code\n\n- Specific security business needs or efficiency goals call for customized AI Agents to analyze alerts\n\n\u003e ASF provides module templates and sample modules; users can quickly develop customized AI Agent modules for their own needs, with support for multiple frameworks (Langchain/Langgraph/Dify, etc.)\n\n- Many internal system/device interfaces require additional data processing and transformation that mainstream SOAR products (such as Swimlane/Splunk SOAR) or visual orchestration products (n8n) cannot satisfy\n\n\u003e ASF module development is entirely Python-based; users can use any Python library and flexibly integrate with any API or device\n\n- SOAR automation playbooks and custom automation scripts cannot be debugged\n\n\u003e ASF includes adapter code for debugging, so users can run a module on its own against a specified alert (looked up in Redis Insight) without starting the whole framework\n\n## Scenarios ASF is not suited for\n\n- The security team has no basic Python development skills\n\n\u003e ASF is not an out-of-the-box platform; some Python development skill is required for module development and customization\n\n- The organization uses a single vendor's bundled solution (XDR/MDR/MSS, etc.)\n\n\u003e ASF needs alert data or logs to perform automated analysis, which closed systems such as XDR/MDR/MSS do not provide\n\n- The organization has no basic security devices or log collection capability\n\n\u003e Without devices there are no logs or alerts, and therefore nothing to automate\n\n## Architecture Diagram\n\n![img.png](Static/img_arch.png)\n\n\n## TODO\n\n- Detailed installation and usage documentation\n\n\u003e Deployment of nocoly, deployment of redis stack\n\n- Design philosophy of each component\n- uwsgi configuration\n- API endpoints for fetching data by case_id/alert_id/artifact_id\n\n## License\n\nThis project is licensed under the [MIT](https://choosealicense.com/licenses/mit/) license.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffunnywolf%2Fai-soc-framework","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffunnywolf%2Fai-soc-framework","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffunnywolf%2Fai-soc-framework/lists"}