AuroraSOC

AI-Powered Distributed Security Operations Center

14-agent platform · Python-first runtime · optional Rust fast path · IBM Granite 4 · A2A protocol · MCP tools · CPS/IoT attestation

Platform Capabilities

Every component built from the ground up for autonomous security operations

🤖

14-Agent SOC Platform

AuroraSOC currently runs one orchestrator plus 13 specialist agents. The default production path stays Python-first, while the Rust core remains an explicit opt-in fast path for high-throughput ingest and attestation workloads.

🛡️

CPS / IoT / OT Security

Hardware-rooted device attestation using ECDSA P-256 signatures. Custom firmware for STM32 (Ada SPARK), nRF52840 (Rust Embassy), and ESP32-S3 (Zephyr RTOS) with physical-cyber event correlation.

Real-Time Event Pipeline

Redis Streams drive the default internal event path, NATS JetStream handles durable cross-site federation, and Mosquitto MQTT with mTLS carries IoT edge telemetry into the active Python ingest path.

📋

SOAR Playbook Engine

Automated incident response with conditional branching, dry-run simulation, and human approval gates for high-risk actions. Analysts can validate workflows safely in dummy or dry-run mode before enabling real execution.

🧠

Three-Tier Agent Memory

Working memory via sliding window, episodic recall via PostgreSQL + pgvector, and Redis-backed operational caching for IOC enrichment and fast analyst-facing retrieval.

📊

Full Observability Stack

OpenTelemetry distributed tracing across all agents, Prometheus metrics scraping, Grafana dashboards, and structured JSON logging with trace-ID correlation for end-to-end investigation audit trails.