home.social

#agentic_soc — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #agentic_soc, aggregated by home.social.

  1. 🎥 Video: ASPS — Agentic SOC Parallel Simulation Center ===================

    Opening (executive summary):
    ASPS is presented as a research-and-simulation platform that models a complete SOC team in a parallel virtual space. The platform combines a strong reasoning model called DeepSeek, a Model Context Protocol MCP for inter-agent context sharing, and OCSF-formatted telemetry stored in an integrated security data warehouse. The design intent is autonomous, multi-agent exercises that span attack generation through final reporting.

    Technical details:
    • Agents and roles: seven distinct agents perform discrete SOC functions — Purple Team (traffic generation), Detection Engineer (rule authoring and verification), Analysis Engine (rule execution and alerting), Triage (false-positive filtering), Forensics (chain construction), Commander (response orchestration), Reporter (structured incident reports).

    • Data model and telemetry: the platform relies on OCSF as the canonical event schema and provides a lightweight Security Data Warehouse for storage, pivot visualization, and raw-log inspection to validate observability and signature quality.

    • Reasoning and orchestration: DeepSeek supplies layered Chain-of-Thought reasoning to support analyst-like deductions. MCP serves as the context protocol enabling agents to exchange structured model state, prompts, and evidence without conflating agent internals.

    Implementation concepts (high level):
    • Simulation flow: Purple Team creates high-fidelity attack traffic and background noise; Detection Engineer synthesizes detection rules from observed telemetry; Analysis Engine runs detections to produce alerts that Triage evaluates; Forensics reconstructs attack graphs that Commander uses to propose actions; Reporter archives outputs.

    • Explainability: the Detection Engineering Workbench traces transformations from raw events to detection rules, enabling auditability and human review of automated rule generation.

    Limitations and considerations:
    • Observability dependency: fidelity depends on the quality and coverage of OCSF telemetry and scenario realism from the Purple Team.
    • Autonomous risk: automated rule generation and response decisioning require validation to avoid operational hazards in production-like environments.
    • Research maturity: described features emphasize exploratory capability; real-world deployment constraints (integration, scale, governance) are not exhaustively detailed.

    Use cases:
    • Testing detection coverage and SOC playbooks in controlled parallel runs.
    • Research into multi-agent reasoning for security automation.

    🔹 tool #OCSF #MCP #DeepSeek #Agentic_SOC

    🔗 Source: github.com/SafelineMan/Agentic