Welcome to AuroraSOC
AuroraSOC is an enterprise-grade, decentralized Agentic AI Security Operations Center (SOC) that combines cutting-edge AI agent technology with hardware-rooted IoT/CPS security. It is built on the IBM BeeAI Agent Framework and designed to automate the full lifecycle of security operations — from alert triage to incident response.
What is AuroraSOC?
Think of AuroraSOC as a team of 16 AI security specialists working together to protect your organization. Each agent is an expert in a specific domain — just like a real SOC team — but powered by Large Language Models (LLMs) and connected to real security tools.
Why AuroraSOC?
Traditional SOCs face several challenges:
| Challenge | Traditional SOC | AuroraSOC |
|---|---|---|
| Alert Fatigue | Analysts manually triage thousands of alerts | AI agents auto-triage, deduplicate, and correlate alerts |
| Slow Response | Hours to investigate and respond | Minutes through automated playbook execution |
| IoT/CPS Blind Spot | Limited visibility into OT/IoT devices | Hardware-rooted attestation with physical-cyber correlation |
| Knowledge Silos | Expertise trapped in individual analysts | Shared three-tier memory system across all agents |
| Scalability | Hiring more analysts is expensive | Deploy more agent replicas on demand |
| 24/7 Coverage | Shift rotations with human fatigue | AI agents operate continuously without fatigue |
Key Design Principles
AuroraSOC is built on these foundational principles:
- No Kafka, No LangChain, No LangGraph — Uses Redis Streams + NATS JetStream as the event bus and IBM BeeAI for agents. This avoids the operational complexity and overhead of Kafka while providing the event streaming capabilities the SOC needs, and uses a purpose-built agent framework instead of generic LLM chains.
- Hardware-Rooted Trust — Every IoT/CPS device performs cryptographic attestation backed by hardware security modules, so firmware integrity is verified from the physical layer up rather than asserted by software alone.
- Human-in-the-Loop — High-risk actions always require human approval. The AI assists, but humans remain in control of critical decisions.
- Graceful Degradation — If the database is down, the API serves demo data (placeholder content, not live state, so operators should treat it accordingly). If an agent fails, the circuit breaker pattern prevents cascading failures by refusing further calls to the failing component until it recovers.
- Full Observability — Every agent action is traced with OpenTelemetry, logged as structured JSON, and exposed as Prometheus metrics.
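To make the graceful-degradation and human-in-the-loop principles concrete, here is an added example (illustrative code written for this page, not AuroraSOC's own implementation) of a circuit breaker wrapped around an agent call. The agent, alert shape, `FALLBACK_VERDICT`, and the thresholds are assumptions chosen for the example. The point to notice: when the breaker is open or the agent errors, the fallback verdict is explicitly flagged `needs_human`, so a degraded pipeline never silently auto-closes alerts.

```python
"""Circuit breaker around an agent call with a human-flagged fallback.

Added example for this page; not AuroraSOC project code. Names, thresholds
and the alert/verdict shapes are assumptions made for illustration.
"""
import time
from dataclasses import dataclass
from typing import Any, Callable, Dict


class CircuitOpenError(RuntimeError):
    """Raised when the breaker is open and the call is refused without running it."""


@dataclass
class CircuitBreaker:
    failure_threshold: int = 3          # consecutive failures before opening
    recovery_timeout: float = 30.0      # seconds before allowing one trial call
    clock: Callable[[], float] = time.monotonic  # injectable so tests can fake time
    state: str = "closed"               # "closed" | "open" | "half_open"
    failures: int = 0
    opened_at: float = 0.0

    def call(self, fn: Callable[..., Any], *args: Any, **kwargs: Any) -> Any:
        if self.state == "open":
            if self.clock() - self.opened_at >= self.recovery_timeout:
                self.state = "half_open"    # let exactly one trial call through
            else:
                raise CircuitOpenError("circuit open; call refused")
        try:
            result = fn(*args, **kwargs)
        except Exception:
            self._on_failure()
            raise
        self._on_success()
        return result

    def _on_failure(self) -> None:
        self.failures += 1
        # A failed trial call in half_open re-opens immediately.
        if self.state == "half_open" or self.failures >= self.failure_threshold:
            self.state = "open"
            self.opened_at = self.clock()

    def _on_success(self) -> None:
        self.failures = 0
        self.state = "closed"


# Assumed fallback verdict: conservative, and always routed to a human.
FALLBACK_VERDICT: Dict[str, Any] = {"severity": "unknown", "source": "fallback", "needs_human": True}


def triage_with_fallback(breaker: CircuitBreaker, agent_fn: Callable[[dict], dict], alert: dict) -> dict:
    """Run the (assumed) triage agent through the breaker; degrade to a human-flagged verdict."""
    try:
        verdict = breaker.call(agent_fn, alert)
    except CircuitOpenError:
        return dict(FALLBACK_VERDICT, reason="circuit_open")
    except Exception as exc:  # agent/LLM backend failure of any kind
        return dict(FALLBACK_VERDICT, reason=f"agent_error:{type(exc).__name__}")
    return dict(verdict, source="agent", needs_human=False)


class FakeClock:
    """Constructed clock so the recovery timeout can be exercised offline."""
    def __init__(self) -> None:
        self.t = 0.0
    def now(self) -> float:
        return self.t
    def advance(self, seconds: float) -> None:
        self.t += seconds


def run_scenario() -> Dict[str, Any]:
    """Outage of an (assumed) LLM-backed agent, then recovery; returns observations."""
    clock = FakeClock()
    breaker = CircuitBreaker(failure_threshold=3, recovery_timeout=30.0, clock=clock.now)
    calls = {"n": 0}
    alert = {"id": "A-1", "title": "constructed sample alert"}

    def flaky_agent(_alert: dict) -> dict:
        calls["n"] += 1
        raise TimeoutError("LLM backend unreachable")

    # Five triage attempts during the outage: 3 real failures, then 2 refused by the breaker.
    results = [triage_with_fallback(breaker, flaky_agent, alert) for _ in range(5)]
    state_after_outage = breaker.state

    # After the recovery window a healthy agent closes the breaker again.
    clock.advance(31.0)
    recovered = triage_with_fallback(breaker, lambda a: {"severity": "high"}, alert)
    return {
        "agent_calls_during_outage": calls["n"],
        "fallback_reasons": [r["reason"] for r in results],
        "all_fallbacks_need_human": all(r["needs_human"] for r in results),
        "state_after_outage": state_after_outage,
        "recovered_verdict": recovered,
        "state_after_recovery": breaker.state,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The breaker stops a flapping agent from consuming retries (and LLM budget) while it is down, and the `half_open` trial call is what lets it recover without an operator resetting it. In a real deployment the `clock`, thresholds and fallback verdict would come from configuration rather than the constants used here.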
Technology Stack at a Glance
Who is This Documentation For?
This documentation is organized into two main sections:
📖 User Guide (You Are Here)
For SOC analysts, operators, and administrators who use AuroraSOC daily:
- How to navigate the dashboard
- How to manage alerts and cases
- How to configure and monitor AI agents
- How to manage CPS/IoT devices
- Understanding the security model
🛠️ Developer Guide
For developers and engineers who build, extend, or maintain AuroraSOC:
- System architecture deep-dives
- How each component is implemented and why
- How to add new agents, tools, and integrations
- API reference and testing guide
Quick Navigation
| I want to... | Go to... |
|---|---|
| Get AuroraSOC running quickly | Quick Start |
| Understand the dashboard | Dashboard Overview |
| Learn about the AI agents | Agentic AI SOC Concepts |
| Manage alerts and cases | Alert Management |
| Understand authentication | Authentication |
| Monitor CPS/IoT devices | CPS/IoT Devices |