ai-soc-agent
by M507
Overview
AI-powered Security Operations Center (SOC) agent for incident response, case management, SIEM, EDR, CTI, and engineering task orchestration.
Installation
python cursor_agent.py serve --host 0.0.0.0 --port 8000
Environment Variables
- SAMIGPT_OPENAI_API_KEY
- SAMIGPT_IRIS_BASE_URL
- SAMIGPT_IRIS_API_KEY
- SAMIGPT_ELASTIC_BASE_URL
- SAMIGPT_ELASTIC_API_KEY
- SAMIGPT_EDR_BASE_URL
- SAMIGPT_EDR_API_KEY
- SAMIGPT_CTI_BASE_URL
- SAMIGPT_CTI_API_KEY
- SAMIGPT_WEB_SECRET_KEY
- SAMIGPT_WEB_USERNAME
- SAMIGPT_WEB_PASSWORD
Security Notes
The `_run_cursor_agent` function in `src/ai_controller/agent_executor.py` executes an external `cursor-agent` command via `subprocess.run`, with `prompt_text` placed directly into the command arguments. If `prompt_text` can be influenced by untrusted input (for example, text taken from an alert or case and copied into a prompt), this is a command-injection risk: with a shell-interpreted command string, metacharacters in the prompt run arbitrary commands; even with an argv list and no shell, a prompt beginning with `-` may be parsed by `cursor-agent` as an option (argument injection), and the prompt itself remains a prompt-injection channel into the agent. The system normally generates prompts internally, but any path by which external users can reach this function should be treated as critical.
The `ElasticSIEMClient` also accepts raw Elasticsearch Query DSL. Elasticsearch will execute whatever well-formed query it is given, so unless the server validates the body before sending it (and the API key is scoped to read-only access on the intended indices), a caller can issue script-bearing or very expensive queries that read data outside the intended scope or degrade the cluster.
Finally, the server handles API keys and tokens for several integrations (see the environment variables above), which calls for proper secrets management rather than plain-text configuration, and the sample `serve` command binds to `0.0.0.0`, so the web interface, protected only by `SAMIGPT_WEB_USERNAME` and `SAMIGPT_WEB_PASSWORD`, is reachable on every network interface unless it is bound to localhost or placed behind an authenticated reverse proxy.
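The following is an added example, not code from the ai-soc-agent project, illustrating both points above: the difference between a shell-interpolated `subprocess.run` call and an argv list with an option guard, and an allow-list validator for a raw Query DSL body. It assumes a wrapper that passes the prompt as one argument and a SIEM client that forwards a caller-supplied search body; the binary name `echo` stands in for `cursor-agent` so the example runs offline, and the index prefixes, forbidden keys and size cap are assumed policy values rather than anything the project defines.

```python
"""Added example (not the project's code): hardening the two issues above.

Assumptions, labelled as such: the wrapper shells out with the prompt as an
argument, and the SIEM client forwards a caller-supplied Query DSL body.
`echo` stands in for the real `cursor-agent` binary so this runs offline.
"""
import subprocess
from typing import Any

MAX_RESULT_SIZE = 1000
# Query DSL keys that execute Painless scripts or are expensive enough to
# degrade a cluster. Assumed policy; tune for your deployment.
FORBIDDEN_KEYS = {"script", "script_fields", "script_score", "runtime_mappings", "regexp"}
ALLOWED_TOP_LEVEL = {"query", "size", "from", "sort", "_source"}
ALLOWED_INDEX_PREFIXES = ("logs-", "alerts-")  # assumed site-specific allow-list


def run_unsafe(binary: str, prompt_text: str) -> str:
    """The injectable pattern: shell=True with the prompt interpolated into
    one command string, so ';', '|' or '$(...)' inside the prompt is executed."""
    completed = subprocess.run(f"{binary} {prompt_text}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def run_safe(binary: str, prompt_text: str) -> str:
    """Hardened pattern: an argv list (no shell parsing at all) plus a guard so
    the prompt cannot be consumed as a command-line option by the target."""
    if prompt_text.startswith("-"):
        raise ValueError("prompt must not start with '-' (would be parsed as a flag)")
    completed = subprocess.run([binary, prompt_text], capture_output=True,
                               text=True, check=True)
    return completed.stdout


def validate_es_query(index: str, body: dict[str, Any]) -> dict[str, Any]:
    """Allow-list check on a raw Query DSL body before it reaches Elasticsearch.
    Rejects wildcard or multi-index targets, unknown top-level keys, oversized
    result windows, and any nested key from FORBIDDEN_KEYS."""
    if not index.startswith(ALLOWED_INDEX_PREFIXES) or any(c in index for c in "*,"):
        raise ValueError(f"index not permitted: {index!r}")
    unexpected = set(body) - ALLOWED_TOP_LEVEL
    if unexpected:
        raise ValueError(f"unexpected top-level keys: {sorted(unexpected)}")
    size = body.get("size", 10)
    if not isinstance(size, int) or size < 0 or size > MAX_RESULT_SIZE:
        raise ValueError(f"size must be 0..{MAX_RESULT_SIZE}, got {size!r}")

    def walk(node: Any) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                if key in FORBIDDEN_KEYS:
                    raise ValueError(f"forbidden Query DSL key: {key!r}")
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(body)
    return body


def is_rejected(index: str, body: dict[str, Any]) -> bool:
    """True if validate_es_query refuses the request (useful for policy tests)."""
    try:
        validate_es_query(index, body)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "summarise case 42; echo INJECTED"   # constructed malicious prompt
    print(repr(run_unsafe("echo", payload)))        # two lines: the injected command ran
    print(repr(run_safe("echo", payload)))          # one line: payload stays literal text
    benign = {"query": {"term": {"event.code": "4625"}}, "size": 50}
    print(validate_es_query("logs-windows", benign) is benign)
    print(is_rejected("logs-windows", {"query": {"script_score": {"query": {}}}}))
    print(is_rejected("*", benign))
```

The argv form is the fix for the shell problem; the leading-dash guard only matters because the prompt is handed to a program that parses options. If the wrapper must keep `shell=True` for some reason, `shlex.quote(prompt_text)` is the minimum, but an argv list is the better default. The validator is deliberately an allow-list: unknown top-level keys (aggregations included) are refused rather than enumerated as bad, which is the only approach that survives new DSL features.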
Similar Servers
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.
mcp-server-thehive
Provides AI models and automation tools with programmatic access to TheHive incident response platform for security operations and case management.