🛡️ SecOps AI Suite · Free · 100% client-side

Security tools that work together.

Six free, AI-powered tools covering the full analyst workflow — from IOC extraction to IR playbook draft. No server. No telemetry. Your API key stays in your browser.

6 tools · 1 pipeline · 100% client-side · MIT License
The pipeline

Six tools. One workflow.

Each tool solves one step. Together they cover the full analyst response loop — from first IOC to final playbook.

🧪
Step 1 · Extract
Defang IOC
Extract, defang, and refang IOCs from any text. Paste a raw report — get clean, shareable indicators.
Raw text → Defanged IOCs
hxxp://evil[.]com/drop
192[.]168[.]1[.]1 · d41d8cd98f[…]
Open Defang IOC →
🔭
Step 2 · Pivot
IOC Pivot Hub
One IOC → 30+ threat intelligence platforms. VirusTotal, Shodan, AbuseIPDB, URLhaus, and more — in one click.
IP / domain / hash → 30+ intel links
VirusTotal · Shodan · AbuseIPDB
URLhaus · Censys · GreyNoise · OTX…
Open IOC Pivot →
🕵️
Step 3 · Profile
Threat Actor Profiler
Actor name → aliases, MITRE techniques, tooling, campaigns, infrastructure patterns, and actionable hunting pivots.
APT28, LockBit… → TTPs + hunting pivots
T1566.001 Spearphishing · T1059
Tooling: Mimikatz · Cobalt Strike
Open Threat Actor Profiler →
🔬
Step 4 · Enrich
CVE Enricher
Full CVE context: CVSS score, KEV status, threat actors exploiting it, affected products, and patch priority.
CVE-YYYY-NNNNN → Patch priority + actors
CVSS 9.8 · KEV ✓ · Patch now
Actors: LockBit · FIN7 · APT41
Open CVE Enricher →
🚨
Step 5 · Explain
Alert Explainer
Paste any SIEM alert — get a plain-English explanation, MITRE mapping, false positive check, and triage priority.
SIEM alert → Triage + MITRE mapping
T1059.001 PowerShell Execution
Priority: High · FP risk: Low
Open Alert Explainer →
✍️
Step 6 · Detect
SIGMA Generator
Describe an attack or paste an alert — get a ready-to-use SIGMA rule converted to 7 platforms. Bridges directly to Playbook Builder.
Attack description → SIGMA · SPL · KQL · XDR
detection:
  selection:
    Image|endswith: '\powershell.exe'
    CommandLine|contains: 'IEX'
  condition: selection
Open SIGMA Generator →
🗺️
Step 6 · Map
TTPs Mapper
Paste any threat report, advisory or article — AI extracts MITRE ATT&CK techniques instantly. Bridges to SIGMA Generator and Playbook Builder.
Threat report / advisory → ATT&CK techniques
T1566.001 Spearphishing Attachment
T1059.001 PowerShell · T1486 Data Encrypted
Open TTPs Mapper →
📖
Step 7 · Respond
Playbook Builder
MITRE technique, incident description, or SIGMA rule → structured 6-phase IR playbook draft. A starting point — not autopilot.
MITRE / incident / SIGMA → 6-phase IR draft
🛡️ Containment — step 1/4
Isolate host · Block C2 · Revoke sessions
Open Playbook Builder →
How the pipeline flows
📍 Alert fires

A SIEM alert or threat report arrives. You need to move fast.

🧪 Extract IOCs → 🔭 Pivot to intel
🔍 Enrich and understand

CVE context, MITRE mapping, triage priority — without leaving the browser.

🔬 Enrich CVE → 🚨 Explain alert
📋 Detect and respond

Turn the alert into a detection rule, then into a structured response draft.

✍️ Generate SIGMA → 📖 Build playbook
Also built

Flagship platform


One workflow. End to end.

No accounts. No telemetry. Your OpenAI key stays in your browser.
Each tool works standalone — or as part of the full pipeline.
