We are happy to announce two new open-source releases that together complete a fully automated, intelligence-driven security operations pipeline, closing the loop on hybrid rule-based and AI-driven threat detection and response.
- RADAR risk engine — a principled weighted fusion model combining anomaly detection signals, signature-based risk, and live CTI scores into a three-tier automated response: notification, remediation with case creation, and full host isolation
- DECIPHER integration — a fully operational client that queries CTI from MISP, fuses scores into RADAR’s risk model, and opens structured Flowintel incident cases automatically — no manual SOC intervention needed
- SONAR — a multivariate anomaly detection engine for Wazuh, powered by the deep learning algorithm MTAD-GAT, with a YAML-based scenario system for repeatable, code-free detection workflows, and a debug mode for offline train-detect cycles without a live Wazuh instance
- DECIPHER — an open-source REST microservice for automated, IOC-based severity-confidence scoring of security alerts, backed by MISP threat intelligence and prioritized Flowintel case creation
- PyFlowintel — a clean Python library wrapping the Flowintel API, enabling programmatic case management
- One-command deployment of the full stack: DECIPHER + MISP + Flowintel
Together, these two releases close the MAPE-K loop end-to-end: RADAR detects a threat → DECIPHER enriches it with live CTI → a risk score drives the right automated response → a prioritized Flowintel incident case lands in the analyst’s queue. Entirely open-source.
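The loop described above (anomaly signal + signature risk + CTI score, fused into one risk value that selects one of three response tiers and, for the two upper tiers, produces a structured case record) as an added, self-contained example. This is not code from RADAR, DECIPHER, SONAR or PyFlowintel: the weights, the tier thresholds, the severity × confidence CTI fusion, the Wazuh-level normalisation, the sample alerts and the shape of the case record are all assumptions made for illustration. It also shows the edge case of an alert with no MISP match, which the page does not discuss: the CTI term is simply zero so the alert still lands in the notification tier rather than being dropped.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Response(Enum):
    """The three response tiers named in the announcement."""
    NOTIFY = "notification"
    REMEDIATE = "remediation_with_case"
    ISOLATE = "host_isolation"


# Illustrative weights and thresholds (constructed; the real RADAR values are not on the page).
WEIGHTS = {"anomaly": 0.4, "signature": 0.3, "cti": 0.3}
# Checked from highest tier downwards; anything below the lowest threshold is a notification.
TIER_THRESHOLDS = [(0.75, Response.ISOLATE), (0.45, Response.REMEDIATE)]

WAZUH_MAX_LEVEL = 15  # Wazuh rule levels run from 0 to 15


def clamp01(x: float) -> float:
    """Keep every input signal inside 0..1 so a single misbehaving source cannot dominate."""
    return max(0.0, min(1.0, float(x)))


def signature_risk_from_wazuh_level(level: int) -> float:
    """Normalise a Wazuh rule level to a 0..1 signature risk (constructed normalisation)."""
    return clamp01(level / WAZUH_MAX_LEVEL)


@dataclass
class Signals:
    host: str
    anomaly: float                          # anomaly detector output, assumed already scaled to 0..1
    signature: float                        # signature-based risk, 0..1
    cti_severity: Optional[float] = None    # CTI severity, 0..1; None means no IOC match in MISP
    cti_confidence: Optional[float] = None  # CTI confidence, 0..1


def cti_score(severity: Optional[float], confidence: Optional[float]) -> float:
    """Fuse severity and confidence into one CTI term (assumption: product; no match contributes 0)."""
    if severity is None or confidence is None:
        return 0.0
    return clamp01(severity) * clamp01(confidence)


def fuse(s: Signals) -> float:
    """Weighted fusion of the three signals into a single 0..1 risk score."""
    score = (WEIGHTS["anomaly"] * clamp01(s.anomaly)
             + WEIGHTS["signature"] * clamp01(s.signature)
             + WEIGHTS["cti"] * cti_score(s.cti_severity, s.cti_confidence))
    return round(score, 4)


def choose_response(score: float) -> Response:
    """Map the fused score onto the three-tier response."""
    for threshold, response in TIER_THRESHOLDS:
        if score >= threshold:
            return response
    return Response.NOTIFY


def build_case(s: Signals, score: float, response: Response) -> Optional[dict]:
    """Structured case record for the remediation and isolation tiers.

    The field names are a constructed shape for illustration, not the Flowintel or PyFlowintel API.
    """
    if response is Response.NOTIFY:
        return None
    return {
        "title": f"RADAR {response.value} on {s.host}",
        "priority": "critical" if response is Response.ISOLATE else "high",
        "risk_score": score,
        "signals": {
            "anomaly": clamp01(s.anomaly),
            "signature": clamp01(s.signature),
            "cti": cti_score(s.cti_severity, s.cti_confidence),
        },
        "actions": ["isolate_host"] if response is Response.ISOLATE else ["remediate"],
    }


def process_alert(s: Signals) -> dict:
    """One pass through the loop: fuse, pick the tier, build the case if the tier needs one."""
    score = fuse(s)
    response = choose_response(score)
    return {"host": s.host, "score": score, "response": response,
            "case": build_case(s, score, response)}


# Constructed sample alerts: no CTI match, a partial match, and a confident high-severity match.
SAMPLES = [
    Signals("ws-01", anomaly=0.2, signature=signature_risk_from_wazuh_level(3)),
    Signals("ws-02", anomaly=0.6, signature=signature_risk_from_wazuh_level(9),
            cti_severity=0.5, cti_confidence=0.8),
    Signals("srv-03", anomaly=0.9, signature=signature_risk_from_wazuh_level(12),
            cti_severity=1.0, cti_confidence=0.9),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(process_alert(sample))
```

With these assumed weights the three constructed alerts score 0.14, 0.54 and 0.87 and land in the notification, remediation and isolation tiers respectively; tuning the thresholds is where a deployment decides how much CTI evidence it wants before an automated isolation is allowed to fire.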
