ai-soc-agent
by M507
Overview
An AI-powered Security Operations Center (SOC) agent designed to automate incident response, case management, threat intelligence lookups, EDR actions, and SIEM investigations.
Installation
`python cursor_agent.py --web`
Environment Variables
- SAMIGPT_THEHIVE_BASE_URL
- SAMIGPT_THEHIVE_API_KEY
- SAMIGPT_IRIS_BASE_URL
- SAMIGPT_IRIS_API_KEY
- SAMIGPT_ELASTIC_BASE_URL
- SAMIGPT_ELASTIC_API_KEY
- SAMIGPT_ELASTIC_USERNAME
- SAMIGPT_ELASTIC_PASSWORD
- SAMIGPT_EDR_BASE_URL
- SAMIGPT_EDR_API_KEY
- SAMIGPT_EDR_TYPE
- SAMIGPT_CTI_BASE_URL
- SAMIGPT_CTI_API_KEY
- SAMIGPT_CTI_TYPE
- SAMIGPT_TRELLO_API_KEY
- SAMIGPT_TRELLO_API_TOKEN
- SAMIGPT_TRELLO_FINE_TUNING_BOARD_ID
- SAMIGPT_TRELLO_ENGINEERING_BOARD_ID
- SAMIGPT_CLICKUP_API_TOKEN
- SAMIGPT_CLICKUP_FINE_TUNING_LIST_ID
- SAMIGPT_CLICKUP_ENGINEERING_LIST_ID
- SAMIGPT_CLICKUP_SPACE_ID
- SAMIGPT_GITHUB_API_TOKEN
- SAMIGPT_GITHUB_FINE_TUNING_PROJECT_ID
- SAMIGPT_GITHUB_ENGINEERING_PROJECT_ID
- SAMIGPT_LOGGING_LEVEL
- SAMIGPT_LOGGING_DIR
- SAMIGPT_WEB_SECRET_KEY
- SAMIGPT_WEB_USERNAME
- SAMIGPT_WEB_PASSWORD
- SAMIGPT_OPENAI_API_KEY
Security Notes
CRITICAL: The `RulesEngine` (`src/mcp/rules_engine.py`) uses `eval()` to process rule `trigger` and `action` strings. If an attacker can manipulate these rule definitions (for example through compromised configuration files or an unauthenticated API that allows rule modification), this allows arbitrary code execution on the server. This is a severe vulnerability.

Additionally, the HTTP clients (e.g., `iris_http.py`, `elastic_http.py`) expose a `verify_ssl` parameter that defaults to `True` but is explicitly set to `False` in the `config.json` example and can be configured as `False`. Running with `verify_ssl=False` in production exposes the application to Man-in-the-Middle (MITM) attacks, because the TLS certificates presented by the SIEM, case-management and other back ends are never validated.

The system relies heavily on API keys/tokens for numerous integrations (SIEM, EDR, Case Management, CTI, Engineering). Compromise of these credentials could lead to significant security breaches or unauthorized actions in integrated security tools. Secure management of these secrets is paramount.
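The `eval()` finding above is the kind of defect that is best fixed by not evaluating rule strings as Python at all. The following is an added example, not code from the ai-soc-agent project: a small allow-list evaluator that parses a rule `trigger` with the `ast` module and permits only comparisons, boolean logic, literals and plain event-field names, so a trigger such as `__import__('os').system(...)` is rejected at parse time instead of executed. The rule syntax, the `UnsafeRule` exception, the field names and the sample events are all constructed for illustration and are not the project's own format.

```python
"""Allow-list rule-trigger evaluator (added example; not ai-soc-agent code).

Instead of eval(), the trigger is parsed into an AST and walked with an
explicit allow list. Anything outside that list (calls, attribute access,
subscripts, lambdas, comprehensions, ...) raises UnsafeRule.
"""
import ast
import operator

# Comparison operators a rule may use. Everything else is rejected.
_COMPARATORS = {
    ast.Eq: operator.eq,
    ast.NotEq: operator.ne,
    ast.Gt: operator.gt,
    ast.GtE: operator.ge,
    ast.Lt: operator.lt,
    ast.LtE: operator.le,
    ast.In: lambda a, b: a in b,
    ast.NotIn: lambda a, b: a not in b,
}


class UnsafeRule(ValueError):
    """Raised when a trigger uses syntax outside the allow list."""


def _eval_node(node, event):
    """Recursively evaluate an allow-listed AST node against one event dict."""
    if isinstance(node, ast.Expression):
        return _eval_node(node.body, event)
    if isinstance(node, ast.Constant):
        if isinstance(node.value, (str, int, float, bool, type(None))):
            return node.value
        raise UnsafeRule(f"disallowed constant: {node.value!r}")
    if isinstance(node, ast.Name):
        # A bare name is an event field; a missing field evaluates to None.
        return event.get(node.id)
    if isinstance(node, (ast.List, ast.Tuple)):
        return [_eval_node(elt, event) for elt in node.elts]
    if isinstance(node, ast.BoolOp):
        values = [_eval_node(v, event) for v in node.values]
        return all(values) if isinstance(node.op, ast.And) else any(values)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _eval_node(node.operand, event)
    if isinstance(node, ast.Compare):
        left = _eval_node(node.left, event)
        for op, comparator in zip(node.ops, node.comparators):
            func = _COMPARATORS.get(type(op))
            if func is None:
                raise UnsafeRule(f"disallowed comparison: {type(op).__name__}")
            right = _eval_node(comparator, event)
            try:
                if not func(left, right):
                    return False
            except TypeError:
                # e.g. comparing a missing field (None) with a number: no match.
                return False
            left = right
        return True
    # ast.Call, ast.Attribute, ast.Subscript, ast.Lambda, ... all land here.
    raise UnsafeRule(f"disallowed syntax: {type(node).__name__}")


def evaluate_trigger(trigger: str, event: dict) -> bool:
    """Return True if the event satisfies the trigger expression.

    Raises UnsafeRule for triggers that are not valid, allow-listed expressions.
    """
    try:
        tree = ast.parse(trigger, mode="eval")
    except SyntaxError as exc:
        raise UnsafeRule(f"invalid trigger syntax: {exc.msg}") from None
    return bool(_eval_node(tree, event))


def match_rules(rules: dict, event: dict) -> list:
    """Return the names of all rules whose trigger matches the event.

    Unsafe rules are skipped rather than executed; a real engine would log them.
    """
    matched = []
    for name, trigger in rules.items():
        try:
            if evaluate_trigger(trigger, event):
                matched.append(name)
        except UnsafeRule:
            continue
    return sorted(matched)


# Constructed sample rules and event for demonstration only.
SAMPLE_RULES = {
    "high_sev_malware": "severity >= 7 and event_type == 'malware'",
    "domain_controller": "host in ['dc01', 'dc02'] and not resolved",
    "tampered_rule": "__import__('os').system('id')",  # rejected, never run
}
SAMPLE_EVENT = {"severity": 9, "event_type": "malware", "host": "dc01", "resolved": False}

if __name__ == "__main__":
    print(match_rules(SAMPLE_RULES, SAMPLE_EVENT))
```

The evaluator treats a missing event field as `None` and lets a comparison against it fail closed rather than raise, which keeps one malformed event from aborting rule processing. The same allow-list approach applies to `action` strings, where the safe pattern is to map a rule's action name to a pre-registered handler function rather than to evaluate text.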
Similar Servers
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
Reversecore_MCP
The Reversecore_MCP server provides a Micro-Capability Platform (MCP) enabling AI agents to perform comprehensive binary analysis, malware detection, vulnerability research, and security report generation using integrated tools like Radare2, Ghidra, LIEF, and YARA.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.
mcp-contrast
The MCP Server integrates with Contrast Security products (Assess, Scan, SCA, Protect/ADR) to expose application security data and capabilities as tools for AI/ML clients.