Quick Start Guide
Get AuroraSOC running on your machine in under 10 minutes. This guide covers the fastest path to a working system, with the full infrastructure running in Docker and the API serving demo data.
Prerequisites
Before you begin, make sure you have:
- Docker (v24+) and Docker Compose (v2.20+)
- Python 3.12+
- Node.js 22+ and npm (for the dashboard)
- Git
- At least 16 GB RAM (recommended 32 GB for full agent deployment)
- GPU is optional but recommended for faster LLM inference
You can run AuroraSOC in two modes:
- Demo Mode: API + Dashboard only (no agents, uses in-memory demo data) — needs just 4 GB RAM
- Full Mode: All agents + infrastructure — needs 16-32 GB RAM + GPU
Step 1: Clone the Repository
```bash
git clone https://github.com/your-org/AuroraSOC.git
cd AuroraSOC
```
Step 2: Start Infrastructure Services
Start the database, cache, event bus, and monitoring services:
```bash
# Development infrastructure (lightweight)
docker compose -f docker-compose.dev.yml up -d

# Verify all services are healthy
docker compose -f docker-compose.dev.yml ps
```
This starts:
| Service | Port | Purpose |
|---|---|---|
| PostgreSQL 16 | 5432 | Primary database |
| Redis 7 | 6379 | Cache + event streams |
| NATS 2.10 | 4222 | Cross-site federation |
| Qdrant | 6333 | Vector similarity search |
| Mosquitto | 1883/8883 | MQTT for IoT devices |
| Prometheus | 9090 | Metrics collection |
| Grafana | 3001 | Metrics visualization |
| OTel Collector | 4317 | Distributed tracing |
Step 3: Install Python Dependencies
```bash
# Create and activate a virtual environment (recommended)
python3 -m venv .venv
source .venv/bin/activate

# Install AuroraSOC with development dependencies
pip install -e ".[dev]"
```
Step 4: Run Database Migrations
```bash
alembic upgrade head
```
This creates all 11 database tables: alerts, cases, case_timeline, cps_devices, attestation_results, playbooks, playbook_executions, iocs, agent_audit_log, human_approvals, and reports.
Step 5: Start the API Server
```bash
uvicorn aurorasoc.api.main:app --host 0.0.0.0 --port 8000 --reload
```
The API starts with comprehensive demo data even without database population:
- 30 simulated security alerts across all severity levels
- 15 investigation cases in various stages
- 13 CPS/IoT devices with attestation status
- 16 AI agents in the registry
- 200 SIEM log entries
- 40 EDR endpoints
- 6 SOAR playbooks
- 20 IOCs (Indicators of Compromise)
Visit http://localhost:8000/docs to see the interactive API documentation (Swagger UI).
Step 6: Start the Dashboard
In a new terminal:
```bash
cd dashboard
npm install
npm run dev
```
Open http://localhost:3000 in your browser. Log in with:
| Field | Value |
|---|---|
| Username | admin |
| Password | admin |
In development mode, AuroraSOC uses an in-memory user store with pre-configured accounts. See Authentication for production setup.
Step 7 (Optional): Start AI Agents
To run actual AI agent investigations, you need an LLM backend:
```bash
# Pull an Ollama model
ollama pull granite4:8b

# Start the MCP Tool Registry
python -m aurorasoc.tools.registry.server &

# Start specialist agents
python -m aurorasoc.agents.security_analyst.server &
python -m aurorasoc.agents.threat_hunter.server &
python -m aurorasoc.agents.orchestrator.server &
```
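Step 5 binds the API to `0.0.0.0` and Step 6 uses the `admin`/`admin` development login, so it is worth confirming which quick-start ports accept connections from other hosts. The following is an added example, not AuroraSOC project code: a shell function (`exposed_listeners`, a hypothetical name) that reads `ss -H -tln` output and lists the guide's ports that are bound to a non-loopback address. The sample input is constructed, and how `docker-compose.dev.yml` publishes its ports is not shown in this guide, so the check reads actual listeners instead.

```shell
#!/usr/bin/env bash
# Added example (not AuroraSOC project code): list quick-start ports that are
# listening on a non-loopback address. Ports are taken from the service table
# in Step 2 plus the API (8000) and dashboard (3000) from Steps 5 and 6.
QUICKSTART_PORTS="5432 6379 4222 6333 1883 8883 9090 3001 4317 8000 3000"

# exposed_listeners (hypothetical helper name): reads `ss -H -tln` output on
# stdin and prints "port address" for every quick-start port whose listener
# is not bound to 127.0.0.0/8 or ::1.
exposed_listeners() {
  awk -v ports="$QUICKSTART_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      port = $4; sub(/.*:/, "", port)             # text after the last colon
      addr = $4; sub(/:[0-9]+$/, "", addr)        # text before the port
      sub(/^\[/, "", addr); sub(/\]$/, "", addr)  # unwrap IPv6 literals
      if (!(port in want)) next                   # not a quick-start port
      if (addr ~ /^127\./ || addr == "::1") next  # loopback only
      print port, addr
    }' | LC_ALL=C sort -t' ' -k1,1n -k2,2 -u
}

# Constructed sample of `ss -H -tln` output, so the example runs offline.
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 4096   0.0.0.0:5432  0.0.0.0:*
LISTEN 0 4096 127.0.0.1:6379  0.0.0.0:*
LISTEN 0 2048   0.0.0.0:8000  0.0.0.0:*
LISTEN 0 511          *:3000        *:*
LISTEN 0 4096      [::]:5432     [::]:*
LISTEN 0 128    0.0.0.0:22    0.0.0.0:*
LISTEN 0 4096     [::1]:9090     [::]:*'

# Live use on the host running the stack: ss -H -tln | exposed_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

Any line of output is a port reachable beyond the local machine; for the API, starting uvicorn with `--host 127.0.0.1` keeps it local.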
Using the Makefile
AuroraSOC includes a comprehensive Makefile for common operations:
```bash
make help           # Show all available commands
make install        # Install Python dependencies
make test           # Run test suite
make lint           # Run linter
make api            # Start the API server
make dashboard-dev  # Start the dashboard
make docker-up      # Start all Docker services
make docker-down    # Stop all Docker services
make migrate        # Run database migrations
```
What's Next?
Now that you have AuroraSOC running, explore:
- Dashboard Overview — Learn to navigate the interface
- Alert Management — Handle security alerts
- Core Concepts — Understand how the AI agents work
- Architecture Overview — Deep dive into the system design