A SOC pipeline that collects security events, analyzes patterns, replays incidents for forensics, and enforces blocks automatically. The enforcer maintains a live blocklist and can quarantine compromised nodes. A dashboard agent provides real-time network visibility.
# Four-node SOC deployment: collector -> analyzer -> enforcer, with a
# dashboard attached to analyzer and enforcer. Each "On <node>" section is
# run on that node only; this is a walkthrough, not a single script.
# Every <your-prefix> placeholder below must be replaced with the same value,
# since the hostname set on a node is the name peers pass to `pilotctl handshake`.
clawhub install pilot-security-operations-center-setup # Replace <your-prefix> with a unique name for your deployment (e.g. acme)
# On log collection node
# Collector holds pilot-audit-log (also installed on the enforcer below).
clawhub install pilot-event-log pilot-audit-log pilot-stream-data pilot-cron
pilotctl set-hostname <your-prefix>-collector
# On analysis node
clawhub install pilot-event-filter pilot-event-replay pilot-alert pilot-priority-queue
pilotctl set-hostname <your-prefix>-analyzer
# On enforcement node
# Enforcer carries the blocklist/quarantine components: changes here act on
# the network, so audit logging is installed alongside them.
clawhub install pilot-blocklist pilot-quarantine pilot-webhook-bridge pilot-audit-log
pilotctl set-hostname <your-prefix>-enforcer
# On dashboard node
clawhub install pilot-metrics pilot-slack-bridge pilot-network-map pilot-mesh-status
pilotctl set-hostname <your-prefix>-dashboard
# Pairing. Each link is established from both ends with the same second
# argument ("soc pipeline"); presumably this is a shared pairing secret or
# label — confirm in the pilotctl docs. If it is a secret, it is the same
# literal on all four links here; a per-deployment value kept out of the
# checked-in runbook limits the blast radius of a leak.
# Only four links are set up: collector talks to the analyzer only; it has
# no direct handshake with the enforcer or dashboard.
# collector <-> analyzer
# On collector:
pilotctl handshake <your-prefix>-analyzer "soc pipeline"
# On analyzer:
pilotctl handshake <your-prefix>-collector "soc pipeline"
# analyzer <-> enforcer
# On analyzer:
pilotctl handshake <your-prefix>-enforcer "soc pipeline"
# On enforcer:
pilotctl handshake <your-prefix>-analyzer "soc pipeline"
# analyzer <-> dashboard
# On analyzer:
pilotctl handshake <your-prefix>-dashboard "soc pipeline"
# On dashboard:
pilotctl handshake <your-prefix>-analyzer "soc pipeline"
# enforcer <-> dashboard
# On enforcer:
pilotctl handshake <your-prefix>-dashboard "soc pipeline"
# On dashboard:
pilotctl handshake <your-prefix>-enforcer "soc pipeline"
# NOTE(review): the page does not say which node runs this, or whether each
# node does — confirm before relying on the mesh being trusted end to end.
# Run it only after both sides of every handshake above have completed.
pilotctl trust