INTELLISOC()
From Raw Logs to Containment in Seconds.
Team: vedant sonawane (owner)
Overview
Project Overview
intelliSOC is an AI-copilot prototype for Security Operations Centers (SOC) that automates the forensic analysis of security logs. It bridges the gap between raw, unstructured log data and actionable incident mitigation.
Key Features:
- Multi-Agent Pipeline: Specialized agents handle the individual stages of analysis: Entity Extraction, Temporal Event Correlation, Severity/Confidence Scoring, and MITRE Mapping.
- Evidence Validation: Prevents analytical hallucinations by directly binding every security finding to the raw log lines that triggered it.
- Human-in-the-Loop (HITL) Queue: An interactive queue that lets security analysts approve or reject containment recommendations (such as IP blocking or host isolation) before execution.
- Modern Decoupled Stack: A high-performance FastAPI (Python) backend coupled with a Vite/React dark-themed operational dashboard.
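The evidence-validation and HITL-queue ideas above, as an added illustration written for this page rather than code from the intelliSOC project: a finding carries the indices of the raw log lines it is bound to, is dropped unless every bound line exists and actually mentions the entity the containment action targets, and is released for execution only after an analyst approves it. The log lines, `Finding` fields and `HitlQueue` class are constructed assumptions, not the project's API.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines standing in for the raw log input (not real data).
RAW_LOGS = [
    "2024-05-01T10:00:01Z sshd[2201]: Failed password for root from 203.0.113.7 port 51022",
    "2024-05-01T10:00:03Z sshd[2201]: Failed password for root from 203.0.113.7 port 51024",
    "2024-05-01T10:00:05Z sshd[2201]: Accepted password for root from 203.0.113.7 port 51030",
    "2024-05-01T10:00:09Z cron[812]: (root) CMD (/usr/bin/logrotate)",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

@dataclass
class Finding:
    title: str
    technique: str           # MITRE ATT&CK id the mapping agent assigned
    evidence: list           # indices into RAW_LOGS this finding is bound to
    action: str              # proposed containment, e.g. "block_ip 203.0.113.7"
    status: str = "pending"  # pending -> approved | rejected by an analyst

def validate_evidence(finding, logs):
    """Evidence validation: accept a finding only if it binds at least one
    log line, every bound index is a real line, and each bound line mentions
    the entity the containment action targets. Returns problems; [] == valid."""
    problems = []
    if not finding.evidence:
        problems.append("no evidence lines bound")
    target = IP_RE.search(finding.action)
    for i in finding.evidence:
        if not 0 <= i < len(logs):
            problems.append(f"evidence index {i} does not exist")
        elif target and target.group(0) not in logs[i]:
            problems.append(f"line {i} does not mention {target.group(0)}")
    return problems

class HitlQueue:
    """Human-in-the-loop queue: only validated findings are queued, and only
    analyst-approved ones are released for execution."""
    def __init__(self, logs):
        self.logs, self.items, self.dropped = logs, [], []
    def submit(self, finding):
        problems = validate_evidence(finding, self.logs)
        (self.dropped if problems else self.items).append((finding, problems))
        return not problems
    def decide(self, idx, approve):
        self.items[idx][0].status = "approved" if approve else "rejected"
    def ready_to_execute(self):
        return [f.action for f, _ in self.items if f.status == "approved"]
```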