SOCFortress CoPilot Documentation
CoPilot is a single pane of glass for operating an open‑source SOC/SIEM stack (Wazuh, Graylog, Velociraptor, Grafana, Shuffle, and more). Choose your path:
Start here
Guided path: ingest → dashboards → alerts → cases → response.
SOC Operator / Analyst
Alert triage → cases → investigations.
Admin / Engineer
Configure sources, connectors, and integrations.
Developer / AI Agent
Architecture, data flows, schema, and safe change playbooks.
Popular tasks
Provision a customer
Create a tenant and set up the minimum required configuration.
Add integrations & connectors
Connect third‑party sources and external network connectors.
Triage an alert → open a case
Start from an alert and manage work in a case.
Manage indices
Validate index patterns, retention, and troubleshooting.
Browse the UI Guide
Documentation that mirrors the CoPilot menu.
Video library (summarized)
Watch the playlist like docs: links + structured bullets (no transcripts stored).
Get oriented
Start with a quickstart
Operators: start with the Operator quickstart. Admins/engineers: start with the Admin/Engineer quickstart.
Use the UI Guide for day-to-day workflows
The UI Guide mirrors the menu so people can find what they see in the product.
Use videos as supplemental walkthroughs
The Videos page summarizes the full playlist into skimmable sections.
