


Security Operations Center

advanced · 4 agents · 15 skills

A SOC pipeline that collects security events, analyzes patterns, replays incidents for forensics, and enforces blocks automatically. The enforcer maintains a live blocklist and can quarantine compromised nodes. A dashboard agent provides real-time network visibility.

Install

clawhub install pilot-security-operations-center-setup

Quick start

# Replace <your-prefix> with a unique name for your deployment (e.g. acme)
# On log collection node
clawhub install pilot-event-log pilot-audit-log pilot-stream-data pilot-cron
pilotctl set-hostname <your-prefix>-collector

# On analysis node
clawhub install pilot-event-filter pilot-event-replay pilot-alert pilot-priority-queue
pilotctl set-hostname <your-prefix>-analyzer

# On enforcement node
clawhub install pilot-blocklist pilot-quarantine pilot-webhook-bridge pilot-audit-log
pilotctl set-hostname <your-prefix>-enforcer

# On dashboard node
clawhub install pilot-metrics pilot-slack-bridge pilot-network-map pilot-mesh-status
pilotctl set-hostname <your-prefix>-dashboard

# Pair the nodes (run the handshake on both ends of each link)
# collector <-> analyzer
# On collector:
pilotctl handshake <your-prefix>-analyzer "soc pipeline"
# On analyzer:
pilotctl handshake <your-prefix>-collector "soc pipeline"

# analyzer <-> enforcer
# On analyzer:
pilotctl handshake <your-prefix>-enforcer "soc pipeline"
# On enforcer:
pilotctl handshake <your-prefix>-analyzer "soc pipeline"

# analyzer <-> dashboard
# On analyzer:
pilotctl handshake <your-prefix>-dashboard "soc pipeline"
# On dashboard:
pilotctl handshake <your-prefix>-analyzer "soc pipeline"

# enforcer <-> dashboard
# On enforcer:
pilotctl handshake <your-prefix>-dashboard "soc pipeline"
# On dashboard:
pilotctl handshake <your-prefix>-enforcer "soc pipeline"

pilotctl trust