securityclaw-autonomous-soc-agent


SecurityClaw Autonomous SOC Agent

Skill by ara.so — Security Skills collection.

SecurityClaw is a modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, builds RAG-based behavioral memory, and validates real-time anomalies using LLMs. It orchestrates security workflows through LangGraph, maintains conversation-based investigations, and provides both CLI and web interfaces for threat analysis.

Core Capabilities

  • Skill-based architecture: Each capability is an isolated module that pairs Python logic with an LLM instruction
  • RAG behavioral memory: Vector embeddings of network baselines stored in OpenSearch
  • Anomaly detection: Scheduled 1-minute watcher polls findings and escalates threats
  • LLM-powered analysis: Threat analyst validates anomalies using retrieval-augmented context
  • LangGraph orchestration: DECIDE→EXECUTE→EVALUATE supervisor loop with SQLite checkpointing
  • Web + CLI interfaces: React UI for chat investigations, CLI for automation
  • Provider agnostic: Swap OpenSearch↔Elasticsearch, Ollama↔other LLM providers

Installation

Prerequisites

Installs: 424
GitHub Stars: 1
First Seen: May 21, 2026
securityclaw-autonomous-soc-agent — aradotso/security-skills