SOCFortress CoPilot is a single pane of glass for operating an open‑source SOC/SIEM stack. It sits above tools like Wazuh, Graylog, Velociraptor, Grafana, and Shuffle and helps you:Documentation Index
Fetch the complete documentation index at: https://docs.socfortress.co/llms.txt
Use this file to discover all available pages before exploring further.
- Operate incidents: alerts → cases → evidence → response
- Onboard data: customer/tenant provisioning, integrations, and connectors
- Reduce context switching with a consistent UI and workflow
If the animation doesn’t autoplay in your browser, click once to start playback.
Who is it for?
SOC operators / analysts
Daily triage and case work.
Admins / engineers
Data onboarding, integrations, indices, and reliability.
Developers
Extend CoPilot safely (connectors, schema changes, data flows).
The mental model
Think of CoPilot as two loops:- Incident loop (operator): detect → triage → investigate → contain
- Ingestion loop (admin): connect → route → normalize → validate