Inspiration

Modern Security Operations Centers (SOCs) are overwhelmed with massive volumes of logs and alerts every day. Most alerts are noisy, repetitive, and hard to interpret—leading to alert fatigue and delayed responses. SOCraGen was inspired by the idea: What if an AI could act like a junior SOC analyst—correlating logs, detecting threats, and clearly explaining what’s happening?

What It Does

SOCraGen is an AI-powered Security Operations Copilot that helps security teams analyze logs and alerts more efficiently.

It:

Ingests firewall, server, and authentication logs

Detects suspicious and anomalous behavior

Correlates events across multiple log sources

Classifies threats and maps them to MITRE ATT&CK tactics and techniques

Explains security incidents in simple, human-readable language

Assigns severity and confidence scores to reduce alert fatigue

Instead of raw logs, analysts get clear incident summaries like what happened, why it matters, and what to do next.

How We Built It

SOCraGen uses a hybrid ML + LLM architecture:

Machine learning models perform behavioral anomaly detection on log data

Events are correlated and grouped into meaningful incidents

Gemini-powered reasoning summarizes logs, explains attacks, and generates incident narratives

Detected behaviors are mapped to the MITRE ATT&CK framework for better threat understanding

A simple dashboard presents timelines, risk scores, and explanations for faster decision-making.

Challenges We Faced

Normalizing different log formats into a consistent structure

Reducing false positives while detecting real threats

Converting highly technical log data into clear explanations

Balancing realism with hackathon time constraints

What We Learned

How real SOC workflows operate and where AI can add value

Practical use of LLMs for explainable cybersecurity

Designing AI systems that support humans instead of replacing them

Importance of context-aware threat detection

Accomplishments I’m Proud Of

Built an AI-powered Security Operations Copilot within a hackathon timeframe

Combined ML-based anomaly detection with Gemini-powered incident reasoning

Mapped detected threats to the MITRE ATT&CK framework

Converted raw security logs into clear, human-readable insights

Designed a solution that reduces alert fatigue and supports SOC analysts.

Impact & Future Scope

SOCraGen demonstrates how AI can significantly improve SOC efficiency by reducing noise, improving clarity, and accelerating incident response.

Future enhancements include:

Real-time SIEM integration

Automated response actions (SOAR)

Advanced threat intelligence feeds

Multi-tenant enterprise deployment

SOCraGen acts as an AI SOC intern that never sleeps—monitoring logs, detecting threats, and explaining attacks before they become breaches.

Built With

Share this project:

Updates