CogniSOC is an open-source Security Operations Center (SOC) framework designed to bridge the gap between academic anomaly detection research and practical SOC workflows. The system integrates host and network telemetry collection, behavioral analytics, SIEM ingestion, correlation-based incident detection, MITRE ATT&CK mapping, alert prioritization, and automated case creation through SOAR integration. The framework combines Sysmon, Suricata, Splunk, Isolation Forest-based anomaly detection, custom correlation logic, and TheHive incident response workflows into a unified architecture. Evaluation was performed within a controlled laboratory environment using simulated adversary activity and ATT&CK-aligned attack scenarios. This preprint documents the system architecture, implementation details, evaluation methodology, operational findings, limitations, and future directions for deployable behavioral analytics in modern SOC environments.
Ankit Singh (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: