β Agent Crucible Β· Real-time SOC
SOC Live Dashboard
Real-time endpoint visibility, threat feed, and event triage. Agent Crucible never blinks β it watches every endpoint all day, every day.
Endpoints active
247
+3 since yesterday
Events Β· last hour
12,841
within baseline
Triage queue
7
oldest: 14 min
Critical alerts
2
requires action
Threats blocked Β· 24h
8,421
auto-contained
Mean detect time
4.2s
β 0.8s vs last week
Live Event Feed
β LIVE (SIMULATED)20:04:12[AGENT CRUCIBLE] WIN-03 Β· heartbeat OK Β· 247 events logged
20:04:15[AGENT PURGE] anomaly score 0.87 Β· user=svc.backup Β· process=cmd.exe
20:04:18[AGENT ANVIL] flow 10.0.12.4β443 Β· sanctioned Β· 2.1 MB/s
20:04:22[AGENT SHADOW] credential leak match Β· email=j.smith@acme.com Β· rotatingβ¦
20:04:26[AGENT TEMPER] 412 events hash-chained Β· integrity 100%
20:04:30[AGENT ALLOY] SOC2 CC6.1 Β· evidence collected Β· green
20:04:34[AGENT ATLAS] playbook "containSuspiciousBackup" armed Β· awaiting confirm
20:04:38[AGENT CRUCIBLE] WIN-07 Β· patch scan complete Β· 0 missing critical
20:04:42[AGENT ANVIL] DNS query Β· external Β· pastebin.com Β· flagged low
20:04:47[AGENT CRUCIBLE] MAC-14 Β· AV definitions current Β· clean scan
20:04:51[AGENT PURGE] lateral movement signal Β· WIN-03 β WIN-11 SMB Β· blocking
20:04:55[AGENT TEMPER] incident #2847 opened Β· Agent Purge lateral movement Β· logged
20:05:00[AGENT ATLAS] playbook "isolateEndpoint" executed on WIN-03 Β· success
20:05:04[AGENT ALLOY] IR evidence tagged for SOC2 CC7.2 Β· incident #2847
20:05:08[AGENT CRUCIBLE] WIN-03 isolated Β· 0 active connections Β· contained
Endpoint Health
247 ONLINE| Host | OS | Last seen | Status |
|---|---|---|---|
| WIN-03 | Win 11 | Just now | ISOLATED |
| WIN-07 | Win 11 | 32s | CLEAN |
| MAC-14 | macOS 14 | 1m | CLEAN |
| LIN-02 | Ubuntu 22 | 2m | CLEAN |
| SRV-01 | Ubuntu 22 | 45s | PATCHING |
| WIN-11 | Win 10 | 1m | WATCHING |
Event Volume Β· 12h
HOURLY
000102030405
0607080910Now
β½ Agent Shadow Β· Dark Web Monitor
Dark Web & Insider Threat
Agent Shadow watches what others can't β paste sites, underground forums, leak marketplaces, and covert lateral channels. The agent that sees into the darkness others avoid.
Monitored domains
3
acme.com +2
Monitored emails
12
exec + service accounts
Active breach matches
2
requires rotation
Paste site mentions
1
last 7 days
Typosquat domains
0
no live lookalikes
CT-log subdomains
47
3 flagged staging
CRITICAL
Credential leak β j.smith@acme.com
2 hours ago
Email and plaintext password found in "Collection-2026-Q1" paste on Raidforums mirror. Password matches pattern for internal SSO. Rotation in progress via Agent Atlas playbook #18.
CRITICAL
Session token leak β api-svc@acme.com
6 hours ago
Long-lived API token found in GitHub public gist (since deleted). Token issued 2024-11-03. Token revoked. Audit of dependent services underway.
MEDIUM
Paste mention β acme.com internal IP range
yesterday
10.0.12.x subnet enumeration posted to a paste site alongside "CVE-2024-xxxx targets list." No credentials included. Context suggests automated scanner output, not targeted recon. Monitoring for follow-up activity.
Subdomain Exposure (cert transparency)
3 RISKY| Subdomain | Resolved | Risk | Finding |
|---|---|---|---|
| staging.acme.com | β live | HIGH | No auth, public-facing, leaked in paste |
| dev.acme.com | β live | MEDIUM | Exposed admin panel (/admin 200) |
| backup-api.acme.com | β live | MEDIUM | Returns 200 on /status with build version |
| mail.acme.com | β live | LOW | Expected β MX record, properly auth'd |
| app.acme.com | β live | CLEAN | Production β headers clean |
β Agent Purge Β· Threat Hunting
Threat Hunting & Anomaly Detection
ML pattern-mining over behavioral telemetry. Agent Purge doesn't wait for signatures β it builds baselines and hunts deviations. The cunning mind that sees what rules can't.
Models active
3
process Β· net Β· auth
Baseline accuracy
99.7%
low false-positive rate
Anomalies flagged Β· 24h
1
score >0.80
Hunts completed Β· 7d
14
0 high findings
Anomaly Score Timeline Β· 7 days
BEHAVIORAL
MonTueWedThuFriSatSun β
Sunday spike: svc.backup user ran cmd.exe with encoded PowerShell args. Score 0.87. Matches "living off the land" pattern. Escalated to Agent Crucible triage queue.
Active Anomaly β ID #2847
OPEN| Field | Value |
|---|---|
| User | svc.backup |
| Host | WIN-03 |
| Score | 0.87 (threshold: 0.75) |
| Signal | cmd.exe β powershell -enc β¦ |
| Pattern | LotL β encoded PS, no parent |
| First seen | Sun 20:04:15 |
| Lateral? | Yes β SMB to WIN-11 confirmed |
| Status | ENDPOINT ISOLATED |
Completed Hunts Β· Last 7 Days
14 CLEAN| Hunt | Scope | Findings | Date |
|---|---|---|---|
| Beacon intervals | All endpoints | None | Mon |
| DNS tunneling | All endpoints | None | Tue |
| Cred dumping | DCs + servers | None | Wed |
| Persistence | Win endpoints | None | Thu |
| Exfil channels | Network perimeter | None | Fri |
| Priv escalation | All endpoints | 1 low | Sat |
| LotL sweep | All endpoints | 1 critical β | Sun |
β° Agent Anvil Β· Threat Detection
Network Traffic Analysis & IDS
Deep packet inspection, flow analytics, lateral-movement detection. The watchtower on the ridge β nothing crosses the network without Agent Anvil seeing it from the high ground.
Traffic analyzed Β· 24h
2.4 TB
via 4 sensors
Flows inspected
8.2M
DPI on all
Data exfil events
0
no threshold breach
Suspicious flows
3
low confidence
Ingress/Egress Β· Last 6 Hours
INGRESS
EGRESS
IDS Alerts Β· 24h
ALL LOW| Rule | Src | Dst | Sev | Count |
|---|---|---|---|---|
| DNS to non-corp resolver | WIN-09 | 1.1.1.1 | INFO | 14 |
| Large ICMP (potential tunnel) | MAC-14 | external | LOW | 2 |
| Pastebin.com outbound | WIN-05 | 104.20.68.x | LOW | 1 |
| SMB lateral (blocked) | WIN-03 | WIN-11 | HIGH β | 1 |
Top Talkers Β· Egress
| Host | Dest | Volume | Status |
|---|---|---|---|
| SRV-01 | s3.amazonaws.com | 1.2 TB | SANCTIONED |
| WIN-07 | office365.com | 380 GB | SANCTIONED |
| MAC-14 | slack.com | 12 GB | SANCTIONED |
| WIN-03 | WIN-11 (LAN) | 4.1 GB | BLOCKED Β· ISOLATED |
β Agent Atlas Β· Orchestration
Orchestration & SOAR
The lead agent that the others sync to. Agent Atlas routes response playbooks, automates containment, and gives the CISO one authoritative pane of glass. One console, not seven.
Agents connected
7/7
all reporting
Playbooks armed
18
3 active
Auto-actions Β· 24h
142
0 false executions
Awaiting approval
1
playbook #22
Agent Integration Status
Agent Crucible
SOC feed Β· live
Agent Shadow
Dark web Β· scanning
Agent Purge
ML Β· 3 models running
Agent Anvil
Network Β· 4 sensors
Agent Temper
Ledger Β· writing
Agent Alloy
Compliance Β· monitoring
Active Playbooks
| Playbook | Trigger | Status | Step |
|---|---|---|---|
| isolateEndpoint | Agent Purge score >0.80 | COMPLETED | 5/5 β WIN-03 offline |
| rotateCredential | Agent Shadow breach match | COMPLETED | 4/4 β rotated |
| containRansomware | Agent Purge LotL pattern | AWAITING | 3/6 β human confirm |
External Integrations
Slack
#security-alerts
PagerDuty
Critical escalation
Okta
Session management
AWS CloudTrail
Rate limited Β· retrying
GitHub
Secret scanning
Microsoft 365
Not connected
β Agent Temper Β· Forensics
Forensics & Immutable Audit Trail
Every observation is hash-chained the moment it's made. Ransomware can't rewrite your forensics. The agent that looks back and never lies.
Events chained Β· total
412,891
since deployment
Chain integrity
100%
all hashes verified
Events today
18,204
β incident activity
Open incidents
1
#2847 β contained
Hash Chain β Recent Events
INTEGRITY OKWIN-03 Β· process created Β· cmd.exe (PID 8821)
e3f9β¦ab21
WIN-03 Β· network connect Β· SMB β WIN-11 (10.0.12.11)
71a2β¦9b04
ATLAS Β· playbook isolateEndpoint triggered
d40cβ¦17fe
WIN-03 Β· network interfaces down Β· host isolated
8e0dβ¦cc11
ITHIL Β· credential match Β· j.smith@acme.com
4b8aβ¦f7d3
ATLAS Β· playbook rotateCredential triggered
c2e1β¦8844
OKTA Β· password reset initiated Β· j.smith@acme.com
f5a0β¦3310
THE ALLOY Β· IR evidence tagged Β· SOC2 CC7.2
b3d7β¦2291
AGENT PURGE Β· anomaly #2847 closed Β· contained
a1b2β¦7700
Incident #2847 β Full Timeline
OPEN| Time | Agent | Event |
|---|---|---|
| 20:04:15 | Agent Purge | Anomaly score 0.87 Β· svc.backup Β· cmd.exe -enc |
| 20:04:22 | Agent Anvil | SMB flow WIN-03 β WIN-11 detected |
| 20:04:26 | Agent Shadow | Credential leak correlated Β· same user |
| 20:04:34 | Agent Atlas | Playbook "isolateEndpoint" armed |
| 20:05:00 | Agent Atlas | WIN-03 isolated β 0 active connections |
| 20:05:04 | Agent Alloy | SOC2 CC7.2 evidence collected |
β Agent Alloy Β· Compliance
Governance & Compliance
Agent Alloy maps continuous evidence to SOC 2, ISO 27001, NIST CSF, and HIPAA β automatically. Audit prep becomes "download packet." The agent that keeps compliance current.
Frameworks monitored
4
SOC2 Β· ISO Β· NIST Β· HIPAA
Controls mapped
312
out of 318 total
Policy gaps
2
medium severity
Evidence collected Β· 7d
1,847
hash-linked via Agent Temper
Framework Compliance Scores
SOC 2 Type II
87%
ISO 27001
91%
NIST CSF
78%
HIPAA
82%
Open Policy Gaps
2 MEDIUM| Control | Framework | Gap | Severity |
|---|---|---|---|
| CC6.7 | SOC 2 | Vendor security reviews not on 90-day cycle | MEDIUM |
| PR.AC-4 | NIST CSF | Privileged access not fully MFA-enforced (2 svc accounts) | MEDIUM |
Upcoming Milestones
| Event | Framework | Due | Status |
|---|---|---|---|
| SOC 2 annual audit | SOC 2 Type II | 47 days | ON TRACK |
| ISO surveillance audit | ISO 27001 | 83 days | ON TRACK |
| HIPAA risk assessment | HIPAA Β§164.308 | 112 days | GAP: MFA |
| Vendor review cycle | SOC 2 CC6.7 | 14 days | OVERDUE |
β Admin Β· Scan History
All Scan Results
Every URL scanned via the free scanner. Admin-only view β data is stored in Supabase via the service role and gated by RLS to admin emails.
Admin sign-in required
You're seeing simulated data
Get early access to the real thing.
The Seven are being lit one at a time. Waitlist members get first access, locked-in pricing, and a white-glove onboarding session with the founding team.
Join the waitlist β