#agentic_soc — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #agentic_soc, aggregated by home.social.
-
🎥 Video: ASPS — Agentic SOC Parallel Simulation Center ===================
Opening (executive summary):
ASPS is presented as a research-and-simulation platform that models a complete SOC team in a parallel virtual space. The platform combines a strong reasoning model called DeepSeek, a Model Context Protocol MCP for inter-agent context sharing, and OCSF-formatted telemetry stored in an integrated security data warehouse. The design intent is autonomous, multi-agent exercises that span attack generation through final reporting.Technical details:
• Agents and roles: seven distinct agents perform discrete SOC functions — Purple Team (traffic generation), Detection Engineer (rule authoring and verification), Analysis Engine (rule execution and alerting), Triage (false-positive filtering), Forensics (chain construction), Commander (response orchestration), Reporter (structured incident reports).• Data model and telemetry: the platform relies on OCSF as the canonical event schema and provides a lightweight Security Data Warehouse for storage, pivot visualization, and raw-log inspection to validate observability and signature quality.
• Reasoning and orchestration: DeepSeek supplies layered Chain-of-Thought reasoning to support analyst-like deductions. MCP serves as the context protocol enabling agents to exchange structured model state, prompts, and evidence without conflating agent internals.
Implementation concepts (high level):
• Simulation flow: Purple Team creates high-fidelity attack traffic and background noise; Detection Engineer synthesizes detection rules from observed telemetry; Analysis Engine runs detections to produce alerts that Triage evaluates; Forensics reconstructs attack graphs that Commander uses to propose actions; Reporter archives outputs.• Explainability: the Detection Engineering Workbench traces transformations from raw events to detection rules, enabling auditability and human review of automated rule generation.
Limitations and considerations:
• Observability dependency: fidelity depends on the quality and coverage of OCSF telemetry and scenario realism from the Purple Team.
• Autonomous risk: automated rule generation and response decisioning require validation to avoid operational hazards in production-like environments.
• Research maturity: described features emphasize exploratory capability; real-world deployment constraints (integration, scale, governance) are not exhaustively detailed.Use cases:
• Testing detection coverage and SOC playbooks in controlled parallel runs.
• Research into multi-agent reasoning for security automation.🔹 tool #OCSF #MCP #DeepSeek #Agentic_SOC
🔗 Source: https://github.com/SafelineMan/Agentic-SOC-Simulation