SecurityClaw
Added March 10, 2026
Modular autonomous SOC agent for OpenSearch/Elasticsearch that builds RAG-based behavioral memory, monitors anomalies, and validates findings with LLMs.
Overview
SecurityClaw is an open-source autonomous Security Operations Center framework built around modular skills, scheduled monitoring, and retrieval-augmented threat analysis. The project watches OpenSearch or Elasticsearch data, builds behavioral baselines over time, then uses LLM-backed reasoning plus stored vector context to assess anomalies and escalate likely threats. Its design is explicitly skill-based: capabilities live in separate folders with Python logic and instruction files, and a scheduler can run them on recurring intervals for tasks like anomaly triage, baseline construction, schema cataloging, and GeoIP maintenance. The repository also includes a web interface, structured working memory, provider abstraction for Ollama or OpenAI, and a sizeable offline test suite with mocked infrastructure. For OpenClawMap, this fits Security because the tool’s purpose is not general observability but active defensive analysis, anomaly validation, and operational security investigation in an agentic workflow. It is best suited to teams that want a self-hosted, extensible SOC-style agent rather than a simple guardrail plugin or a generic SIEM dashboard.
When to Use SecurityClaw
Use this tool if you:
- Need a self-hosted SOC-style agent that can monitor OpenSearch or Elasticsearch data continuously.
- Want RAG-backed security analysis that compares current anomalies against behavioral baselines.
- Need modular security skills for anomaly triage, baseline building, forensic review, field cataloging, and GeoIP enrichment.
- Want a framework that can run scheduled defensive workflows rather than only one-off manual checks.
- Prefer an open-source security operations stack you can extend with your own skills and local infrastructure.