GitHub: AVPin2/agentic-soc-portfolio
A browser-based, no-install AI-assisted SOC project that uses Claude to drive the seven-phase NIST incident response process, addressing the structured-efficiency problem from detection through post-incident review.
Stars: 0 | Forks: 0
# agentic-soc-portfolio
AI-assisted SOC incident response project — 7-phase NIST lifecycle
# Agentic SOC Portfolio
**Owner:** Albert Pinpin
**Built:** April 2026
**Purpose:** Self-initiated project demonstrating a 7-phase
AI-assisted SOC incident response pipeline — no installs,
100% browser-based, built on a company laptop.
## What I Built
A complete end-to-end SOC incident response workflow using
free browser-based tools and Claude AI as the analysis agent
for each phase of the NIST-aligned incident lifecycle.
## The 7 Phases
| Phase | AI Agent Role |
|---|---|
| 01 Detect | Flags suspicious activity from SIEM alerts |
| 02 Triage | Scores severity using CVSS-style reasoning |
| 03 Investigate | Enriches IOCs via VirusTotal and AbuseIPDB |
| 04 Contain | Recommends containment actions |
| 05 Eradicate | Lists artifacts to remove |
| 06 Recover | Verifies clean state criteria |
| 07 Lessons Learned | Generates post-incident report |
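The table describes each phase as a gate: an alert must exist before triage, a severity before containment, and so on. As an added example (not code from the portfolio repository), the following Python record enforces that ordering and shows what phases 01 and 03 actually handle: pulling IPv4 addresses and SHA-256 hashes out of an alert, dropping RFC 1918 and loopback addresses that no reputation service can score, and building the VirusTotal v3 and AbuseIPDB v2 lookup descriptors an analyst would issue. The artifact names per phase, the sample alert, the IOC values and the `<..._API_KEY>` placeholders are all constructed for this example; no network requests are sent.

```python
"""Phase-gated incident record for a 7-phase NIST-aligned SOC workflow.
Added example; not part of the agentic-soc-portfolio project."""
import ipaddress
import re
from dataclasses import dataclass, field

PHASES = ["detect", "triage", "investigate", "contain",
          "eradicate", "recover", "lessons_learned"]

# Artifact each phase must leave behind before the case may advance.
# These keys are an assumption made for this example.
REQUIRED = {
    "detect": "alert",
    "triage": "severity",
    "investigate": "enrichment",
    "contain": "containment_actions",
    "eradicate": "artifacts_to_remove",
    "recover": "clean_state_checks",
    "lessons_learned": "report",
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[0-9a-fA-F]{64}\b")

# Addresses that public reputation services cannot meaningfully score.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample alert; the hash and addresses are not real indicators.
SAMPLE_ALERT = (
    "Suspicious outbound connection from 10.0.5.23 to 203.0.113.45:4444; "
    "process hash 3f786850e387550fdab836ed7e6dc881de23001b7d3a0f9aa2ba1b6d9c0b1e5a"
)


def extract_iocs(text):
    """Phase 01: pull IPv4 addresses and SHA-256 hashes from free-text alert content."""
    return {
        "ips": sorted(set(IPV4.findall(text))),
        "sha256": sorted({h.lower() for h in SHA256.findall(text)}),
    }


def is_internal(ip):
    """True for RFC 1918 and loopback addresses, which are skipped during enrichment."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def enrichment_requests(iocs, max_age_days=90):
    """Phase 03: describe the VirusTotal v3 and AbuseIPDB v2 lookups to issue.
    Returns request descriptors only; nothing is sent and keys are placeholders."""
    reqs = []
    for ip in iocs["ips"]:
        if is_internal(ip):
            continue
        reqs.append({"service": "virustotal", "method": "GET",
                     "url": f"https://www.virustotal.com/api/v3/ip_addresses/{ip}",
                     "headers": {"x-apikey": "<VT_API_KEY>"}})
        reqs.append({"service": "abuseipdb", "method": "GET",
                     "url": "https://api.abuseipdb.com/api/v2/check",
                     "params": {"ipAddress": ip, "maxAgeInDays": str(max_age_days)},
                     "headers": {"Key": "<ABUSEIPDB_API_KEY>", "Accept": "application/json"}})
    for digest in iocs["sha256"]:
        reqs.append({"service": "virustotal", "method": "GET",
                     "url": f"https://www.virustotal.com/api/v3/files/{digest}",
                     "headers": {"x-apikey": "<VT_API_KEY>"}})
    return reqs


@dataclass
class Incident:
    case_id: str
    phase_index: int = 0
    artifacts: dict = field(default_factory=dict)

    @property
    def phase(self):
        return PHASES[self.phase_index]

    def record(self, key, value):
        """Store the artifact for the current phase; other keys are rejected."""
        expected = REQUIRED[self.phase]
        if key != expected:
            raise ValueError(f"phase {self.phase} expects {expected!r}, got {key!r}")
        self.artifacts[key] = value

    def advance(self):
        """Move to the next phase only if the current phase's artifact exists."""
        needed = REQUIRED[self.phase]
        if needed not in self.artifacts:
            raise RuntimeError(f"cannot leave {self.phase}: missing {needed!r}")
        if self.phase_index == len(PHASES) - 1:
            raise RuntimeError("case is already closed")
        self.phase_index += 1
        return self.phase


def advance_is_blocked(case):
    """True if the case cannot advance because its current artifact is missing."""
    try:
        case.advance()
    except RuntimeError:
        return True
    return False


def run_case():
    """Walk the sample alert through Detect, Triage and Investigate."""
    case = Incident("CASE-001")
    case.record("alert", SAMPLE_ALERT)
    case.advance()
    case.record("severity", "high")  # placeholder for the triage agent's verdict
    case.advance()
    case.record("enrichment", enrichment_requests(extract_iocs(SAMPLE_ALERT)))
    case.advance()
    return case  # now in "contain", waiting for containment actions


if __name__ == "__main__":
    case = run_case()
    print(case.phase, len(case.artifacts["enrichment"]), "lookups queued")
```

The internal-address filter is the caveat worth keeping: feeding 10.x or 127.x addresses to VirusTotal or AbuseIPDB wastes quota and produces misleading "clean" results, and the same filter is where an analyst would add the organisation's own public ranges.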
## Tools Used
- **SIEM Practice:** Boss of the SOC (bots.splunk.com) ·
Blue Team Labs Online · CyberDefenders
- **Threat Intel:** VirusTotal · AbuseIPDB
- **MITRE Mapping:** attack.mitre.org
- **AI Agents:** Claude (Anthropic)
- **Documentation:** GitHub
## Portfolio Evidence
- [SOC Playbook](https://github.com/AVPin2/agentic-soc-portfolio)
- Case 001 — Incident Report (coming Day 12)
- Screenshots (coming Day 7)
*Built as part of a personal upskilling initiative
combining old-school SOC operations with Agentic AI workflows.*
Tags: 7 phases, AbuseIPDB, AI-assisted, Claude AI, Cloudflare, MITRE ATT&CK, NIST lifecycle, personal project, threat intelligence, security orchestration and automation, developer tools, recovery, no-install, eradication, case study, browser-based, vulnerability scoring, VirusTotal, endpoint detection and response, lessons learned, cybersecurity, cybersecurity learning, cybersecurity projects, unpacking tools, reverse engineering tools, containment, privacy protection