Automate the triage of a suspicious domain or IP by chaining evidence gathering, analysis, and validation agents.
Demo an event driven multi-agent architecture for security operations without writing custom orchestration code.
Swap between a local model and a hosted OpenAI or Anthropic model to compare incident analysis quality.
Trace an entire incident response pipeline end to end using a single OpenTelemetry trace.
| zipgod24/aetherflow | aasheeshlikepanner/vase | alexzielenski/controller-runtime | |
|---|---|---|---|
| Stars | 0 | 0 | — |
| Language | Go | Go | Go |
| Last pushed | — | — | 2022-04-20 |
| Maintenance | — | — | Dormant |
| Setup difficulty | hard | moderate | hard |
| Complexity | 5/5 | 4/5 | 4/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker, Docker Compose, Go 1.22+, and about 6 GB free space for the local Ollama model.
AetherFlow is a platform for handling security incidents using a team of AI agents that talk to each other through message queues instead of calling each other directly. When something suspicious happens, like a computer making strange DNS lookups, the system passes that incident through a chain of specialized agents that each do one job: gather evidence, analyze it, check the analysis for mistakes, and then take action. The project is built with Go and uses RabbitMQ, a message broker, to move events between agents. This means agents never call each other in a fragile chain. If one agent crashes mid task, the system can pick up where it left off. A Retriever agent searches a database for relevant information using both semantic similarity and keyword matching, and can also look up domain names directly. A Reasoner agent sends the gathered evidence to a language model and asks for a structured judgment. A Validator agent then checks that judgment for errors, made up citations, or signs of prompt injection before anything is allowed to happen. Finally an Executor agent carries out the response, such as blocking a firewall rule or paging an on call person, using mock adapters that could be swapped for real ones. Services in the system find each other automatically through DNS records rather than hardcoded addresses, so new copies of a service can join without extra configuration. Every step, from a database query to a language model call, is tracked using OpenTelemetry so the whole incident can be viewed as one trace in a tool called Jaeger. The language model piece is flexible. Ollama runs locally by default with no setup required, but the web interface lets a user paste in an OpenAI or Anthropic API key and immediately switch to a hosted model without restarting anything. Getting started requires Docker, Docker Compose, and Go 1.22 or newer. After cloning the repository, a single make command starts all the services, and a second command loads example security data. A built in demo incident walks through the entire pipeline from ingestion to a mock firewall action, which can be watched live through the web dashboard.
A multi-agent platform where separate AI agents, connected through a message queue, investigate and respond to security incidents step by step.
Mainly Go. The stack also includes Go, RabbitMQ, Postgres.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.