
SOC Hub: An Open-Source AI-Powered Case Management Platform

A multi-tenant, AI-assisted SOC case management system built for modern security teams.

The Problem I Kept Seeing

Security teams don’t lack alerts.

They lack structure.

Over the years working across cloud-native environments, crypto infra, MSSP-style operations, and compliance-heavy companies, I kept seeing the same pattern:

  • Jira pretending to be a SOC tool
  • Slack threads used as incident tracking
  • Expensive enterprise platforms nobody fully understands
  • Or spreadsheets holding everything together

So I built something I actually wanted to use.


Introducing SOC Hub

SOC Hub is a multi-tenant, AI-powered SOC case management platform designed for real-world security teams.

It focuses on:

  • Case lifecycle management
  • Artifact & IOC linking
  • Investigation mapping
  • Auditability
  • Privacy-first AI assistance

Security Operations Dashboard

A clean operational overview of your SOC:

  • Open vs closed cases
  • Critical incidents
  • Resolution rate
  • Severity distribution
  • MTTR tracking

SOC Hub Dashboard

This isn’t just metrics — it’s operational clarity.


Engineering Cases

Cases are first-class citizens.

Each case supports:

  • Severity classification
  • Status lifecycle
  • Artifact linking
  • Timestamps
  • Updates

SOC Hub Cases

No generic tickets.
Real incident-focused tracking.


Artifact & IOC Repository

Security investigations are about relationships.

SOC Hub provides a centralized repository for:

  • Emails
  • Domains
  • IP addresses
  • Evidence

SOC Hub Artifacts

Everything links back to cases.

Nothing lives in isolation.


Relationship Map

Investigations aren’t linear.

They’re graphs.

SOC Hub includes a relationship map to visualize how:

  • Cases connect
  • IOCs overlap
  • Campaign patterns emerge

SOC Hub Relationship Map

This is where investigations become intelligence.
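The two sections above (artifact repository, relationship map) describe storing emails, domains and IPs against cases and then surfacing where IOCs overlap. The following is an added illustration, not SOC Hub's own code: it normalises raw artifacts (refanging `hxxp://` and `[.]` forms, lowercasing, validating IPs with the standard library) and then groups cases that share at least one normalised IOC with a small union-find, which is the overlap a relationship map would draw. The `Case` class, `normalize_ioc` helper and sample cases are hypothetical and constructed here for the example.

```python
"""Added example (not SOC Hub's code): normalise artifacts into canonical IOCs
and cluster cases that share IOCs, the overlap a relationship map visualises."""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass, field

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def normalize_ioc(raw: str) -> tuple[str, str]:
    """Return (kind, canonical_value). Refangs common defanging, lowercases,
    and classifies as ip / email / domain. Raises ValueError otherwise."""
    value = raw.strip().lower()
    value = re.sub(r"^hxxps?://", "", value)          # hxxp:// -> bare host
    value = value.replace("[.]", ".").replace("(.)", ".").replace("[at]", "@")
    try:
        return "ip", str(ipaddress.ip_address(value))  # canonical IPv4/IPv6 text
    except ValueError:
        pass
    if EMAIL_RE.match(value):
        return "email", value
    if DOMAIN_RE.match(value):
        return "domain", value
    raise ValueError(f"unrecognised artifact: {raw!r}")


@dataclass
class Case:
    """Hypothetical case record: raw artifacts as entered by an analyst."""
    case_id: str
    artifacts: list[str]
    iocs: set[str] = field(default_factory=set)

    def __post_init__(self) -> None:
        # Store the canonical "kind:value" form so two spellings of one IOC link.
        self.iocs = {f"{k}:{v}" for k, v in map(normalize_ioc, self.artifacts)}


def cluster_cases(cases: list[Case]) -> list[set[str]]:
    """Union-find: cases sharing any IOC end up in one cluster (a campaign view)."""
    parent = {c.case_id: c.case_id for c in cases}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    by_ioc: dict[str, list[str]] = defaultdict(list)
    for c in cases:
        for ioc in c.iocs:
            by_ioc[ioc].append(c.case_id)
    for members in by_ioc.values():
        for other in members[1:]:
            parent[find(other)] = find(members[0])

    groups: dict[str, set[str]] = defaultdict(set)
    for cid in parent:
        groups[find(cid)].add(cid)
    return sorted(groups.values(), key=lambda s: sorted(s))


def shared_iocs(a: Case, b: Case) -> set[str]:
    """The edge label between two cases on the map: which IOCs they share."""
    return a.iocs & b.iocs


# Constructed sample input (documentation-reserved addresses, not real IOCs).
SAMPLE_CASES = [
    Case("CASE-1", ["phish@EXAMPLE.net", "login-example[.]com"]),
    Case("CASE-2", ["198.51.100.7", "hxxp://login-example[.]com"]),
    Case("CASE-3", ["198.51.100.7"]),
    Case("CASE-4", ["billing@example.org"]),
]

if __name__ == "__main__":
    for group in cluster_cases(SAMPLE_CASES):
        print(sorted(group))
    print(shared_iocs(SAMPLE_CASES[0], SAMPLE_CASES[1]))
```

Normalising before linking is the step that makes the graph honest: `login-example[.]com` and `hxxp://login-example[.]com` collapse to one node, so CASE-1 and CASE-2 connect, and CASE-2's IP then pulls CASE-3 into the same cluster while CASE-4 stays isolated.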


Multi-Tenant & Role-Based Access

Built for:

  • MSSPs
  • Multi-entity organizations
  • Security consultancies

With strict tenant isolation and role-based permissions.

SOC Hub User Management

Security isn’t an afterthought.
It’s embedded into the model.
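"Strict tenant isolation and role-based permissions" is easy to state and easy to get subtly wrong; the usual failure is checking the role before the tenant, so a privileged role in one tenant can reach records in another. The following is an added example, not SOC Hub's code, of the ordering a backend dependency (in FastAPI or any framework) should enforce: the tenant check runs first and a cross-tenant record is indistinguishable from a missing one, the role table only widens what a principal can do inside its own tenant, and list queries are filtered server-side. The `Role`, `Action`, `Principal`, `Case` types, the permission table and the audit log are hypothetical and constructed for this illustration.

```python
"""Added example (not SOC Hub's code): tenant isolation enforced before role checks,
with every decision written to an audit trail."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Role(str, Enum):
    VIEWER = "viewer"
    ANALYST = "analyst"
    TENANT_ADMIN = "tenant_admin"


class Action(str, Enum):
    READ = "read"
    UPDATE = "update"
    CLOSE = "close"
    MANAGE_USERS = "manage_users"


# Hypothetical permission table: what a role may do inside its OWN tenant only.
ROLE_PERMISSIONS: dict[Role, set[Action]] = {
    Role.VIEWER: {Action.READ},
    Role.ANALYST: {Action.READ, Action.UPDATE, Action.CLOSE},
    Role.TENANT_ADMIN: {Action.READ, Action.UPDATE, Action.CLOSE, Action.MANAGE_USERS},
}


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str
    role: Role


@dataclass(frozen=True)
class Case:
    case_id: str
    tenant_id: str
    severity: str


class AccessDenied(PermissionError):
    pass


# Constructed audit trail: (user, case, action, decision).
AUDIT_LOG: list[tuple[str, str, str, str]] = []


def authorize(principal: Principal, case: Case, action: Action) -> None:
    """Tenant check first, role check second. A record in another tenant is
    reported exactly like a missing record, so roles never widen tenant scope
    and the error does not confirm that the other tenant's case exists."""
    if case.tenant_id != principal.tenant_id:
        AUDIT_LOG.append((principal.user_id, case.case_id, action.value, "deny:tenant"))
        raise AccessDenied("case not found")
    if action not in ROLE_PERMISSIONS[principal.role]:
        AUDIT_LOG.append((principal.user_id, case.case_id, action.value, "deny:role"))
        raise AccessDenied(f"role {principal.role.value} may not {action.value}")
    AUDIT_LOG.append((principal.user_id, case.case_id, action.value, "allow"))


def can(principal: Principal, case: Case, action: Action) -> bool:
    """Boolean wrapper around authorize() for callers that just need yes/no."""
    try:
        authorize(principal, case, action)
        return True
    except AccessDenied:
        return False


def visible_cases(principal: Principal, cases: list[Case]) -> list[Case]:
    """The tenant filter belongs in the query layer, applied on every list call,
    never left for the client to request."""
    return [c for c in cases if c.tenant_id == principal.tenant_id]


# Constructed sample data for two tenants.
CASES = [
    Case("CASE-101", "tenant-a", "high"),
    Case("CASE-102", "tenant-a", "low"),
    Case("CASE-201", "tenant-b", "critical"),
]
ALICE = Principal("alice", "tenant-a", Role.ANALYST)
CAROL = Principal("carol", "tenant-a", Role.VIEWER)
BOB_ADMIN = Principal("bob", "tenant-b", Role.TENANT_ADMIN)

if __name__ == "__main__":
    print([c.case_id for c in visible_cases(ALICE, CASES)])
    print(can(BOB_ADMIN, CASES[0], Action.READ))  # admin of tenant-b, tenant-a case
    for entry in AUDIT_LOG:
        print(entry)
```

The case worth watching in a review is `BOB_ADMIN` reading `CASE-101`: the highest role in tenant-b is still denied on a tenant-a record, and the audit entry records `deny:tenant` rather than a role failure, which is the signal a detection rule for cross-tenant probing would key on.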


Architecture (For Builders)

This wasn’t hacked together.

Backend

  • FastAPI (fully async)
  • Async SQLAlchemy
  • PostgreSQL (asyncpg)
  • Celery + Redis

Frontend

  • React 19
  • TypeScript
  • TanStack Query
  • Tailwind CSS

AI

  • Ollama for local LLM inference

Fully containerized. Audit logged. Versioned API (v1).


Why Open Source?

Because security tools should be transparent.

Because AI in security shouldn’t require data leakage.

And because the future of security engineering is:

Open.
Composable.
AI-augmented.
Privacy-aware.


If you want early access, testing access, or want to contribute:

Reach out.

Let’s build better security tooling.