Inspiration
Modern Security Operations Centers (SOCs) are overwhelmed with massive volumes of logs and alerts every day. Most alerts are noisy, repetitive, and hard to interpret—leading to alert fatigue and delayed responses. SOCraGen was inspired by the idea: What if an AI could act like a junior SOC analyst—correlating logs, detecting threats, and clearly explaining what’s happening?
What It Does
SOCraGen is an AI-powered Security Operations Copilot that helps security teams analyze logs and alerts more efficiently.
It:
Ingests firewall, server, and authentication logs
Detects suspicious and anomalous behavior
Correlates events across multiple log sources
Classifies threats and maps them to MITRE ATT&CK tactics and techniques
Explains security incidents in simple, human-readable language
Assigns severity and confidence scores to reduce alert fatigue
Instead of raw logs, analysts get clear incident summaries like what happened, why it matters, and what to do next.
How We Built It
SOCraGen uses a hybrid ML + LLM architecture:
Machine learning models perform behavioral anomaly detection on log data
Events are correlated and grouped into meaningful incidents
Gemini-powered reasoning summarizes logs, explains attacks, and generates incident narratives
Detected behaviors are mapped to the MITRE ATT&CK framework for better threat understanding
A simple dashboard presents timelines, risk scores, and explanations for faster decision-making.
Challenges We Faced
Normalizing different log formats into a consistent structure
Reducing false positives while detecting real threats
Converting highly technical log data into clear explanations
Balancing realism with hackathon time constraints
What We Learned
How real SOC workflows operate and where AI can add value
Practical use of LLMs for explainable cybersecurity
Designing AI systems that support humans instead of replacing them
Importance of context-aware threat detection
Accomplishments I’m Proud Of
Built an AI-powered Security Operations Copilot within a hackathon timeframe
Combined ML-based anomaly detection with Gemini-powered incident reasoning
Mapped detected threats to the MITRE ATT&CK framework
Converted raw security logs into clear, human-readable insights
Designed a solution that reduces alert fatigue and supports SOC analysts.
Impact & Future Scope
SOCraGen demonstrates how AI can significantly improve SOC efficiency by reducing noise, improving clarity, and accelerating incident response.
Future enhancements include:
Real-time SIEM integration
Automated response actions (SOAR)
Advanced threat intelligence feeds
Multi-tenant enterprise deployment
SOCraGen acts as an AI SOC intern that never sleeps—monitoring logs, detecting threats, and explaining attacks before they become breaches.
Built With
- anomaly
- api
- apis
- att&ck
- css
- detection)
- fastapi
- flask
- framework
- gemini
- html
- javascript
- learning
- llm)
- machine
- mitre
- numpy
- pandas
- python
- rest
- scikit-learn
Log in or sign up for Devpost to join the conversation.