SecOpsAI Edge network discovery

SecOpsAI Know what is on your network and what changed.

SecOpsAI combines SecOpsAI Edge asset discovery with OpenClaw, Hermes Agent, macOS, Linux, and Windows telemetry. It detects risky changes, checks AI-built dependencies for slopsquatting, correlates findings across systems, and keeps analyst workflows grounded in a local SOC store.

OpenClaw + Hermes + host telemetry Edge asset + Wi-Fi discovery Unified schema SQLite SOC store Cross-platform correlation AI Dependency Guard Adaptive response layer Queued analyst actions
secopsai / local ops
findings stay on-box
$ secopsai refresh --platform macos,openclaw,hermes
[OK] Collected host + OpenClaw + Hermes telemetry
[OK] Findings persisted to local SOC store
$ secopsai graph assets
[OK] Edge assets and services loaded into the local graph
$ secopsai correlate
[OK] Cross-platform correlation complete
$ secopsai adaptive-response --persist-memory
[OK] Immune response mode evaluated
$ secopsai supply-chain ai-dependency-guard --path . --json
[OK] AI dependency guard checked hallucinated package risk
$ secopsai triage orchestrate --search-root ~/secopsai
[OK] Low-risk findings auto-triaged
QUEUED: Review ACT-0001 (tune_policy)
Capabilities

Detect, investigate, and triage without shipping your context away.

SecOpsAI keeps collection, correlation, triage, and policy decisions close to the operator. That makes the workflow easier to inspect, faster to iterate on, and a better fit for teams that care about local control over telemetry and analyst actions.

Universal adapters

Collect from OpenClaw, Hermes Agent, macOS, Linux, and Windows with a shared adapter model and normalize events into one schema that is easier to reason about.

SecOpsAI Edge

Discover internal assets, exposed services, and Wi-Fi changes with a local sensor, then import normalized graph context and findings into the same Core triage workflow without exporting raw scan logs.

Cross-platform correlation

Correlate findings by IP, user, time window, and file hash so attack patterns stand out even when the raw telemetry came from different systems.

Native triage orchestration

Investigate findings, auto-close low-risk cases, queue higher-risk analyst actions, and keep the review trail in your local SOC store.

Local-first policy control

Tune supply-chain thresholds, rules, and allowlists locally instead of depending on a remote service to approve the last mile of security decisions.

AI Dependency Guard

Scan AI-built code and local agent logs for hallucinated, newly registered, or lookalike dependencies before they become slopsquatting incidents.

Adaptive Response Layer

Combine threat memory, confidence scoring, signal routing, time-aware detection, safe probing, and deception controls to prioritize threats and recommend containment locally.

Platform support

Available now

OpenClaw and macOS are production-ready today. SecOpsAI Edge is pilot-ready, while Hermes Agent, Linux, and Windows adapters are in active beta. The support matrix keeps deployment posture obvious at a glance without dropping users into documentation too early.

PlatformOpenClaw
SourceAudit logs
StatusProduction
NotesNative telemetry source
PlatformmacOS
SourceUnified logging
StatusProduction
NotesHost activity and security events
PlatformHermes Agent
SourceAgent logs / history
StatusBeta
NotesRead-only agent telemetry source
PlatformSecOpsAI Edge
SourceLAN assets / Wi-Fi inventory
StatusPilot
NotesSeparate local sensor module with Core sync
PlatformLinux
Sourcejournalctl / auditd
StatusBeta
NotesReady for Linux deployment
PlatformWindows
SourceEvent Logs / Sysmon
StatusBeta
NotesReady for Windows deployment
Quick Start

Zero to findings in minutes

Bring back the fast install paths without bringing back the clutter. The one-liner stays front and center, npm remains available, the manual path is hackable, and Windows keeps a clear beta lane.

One-liner npm Hackable macOS macOS & Linux Windows β Beta
macOS & Linux Quick Start

One-liner

Recommended install for most operators

Use the bootstrap script when you want the fastest local path from zero to SecOpsAI on a fresh machine.

macOS is the smoothest path today. Windows teams can use the same installer from WSL2.

bash
local install path