A defensive, portfolio-ready SOC triage CLI that:
- Ingests JSONL or CSV logs
- Normalizes events into a consistent schema
- Applies YAML detection rules
- Produces findings (console + JSON report)
This project is intended for security operations, blue team workflows, and learning. It does not include exploitation capabilities.
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -e ".[dev]"
soc-log-triage triage sample_data/sample_auth.jsonl --rules rules/example_rules.yml --out findings.json
soc-log-triage triage sample_data/sample_proxy.csv --rules rules/example_rules.yml