Open Source Security Automation

Transform your SOC with intelligent triage

Triage Warden uses advanced AI to automatically analyze and prioritize security incidents, reducing response time by 90% while your team focuses on real threats.

Integrates with the tools you trust
Splunk, CrowdStrike, Microsoft 365, Okta, Jira

🧠

AI-Powered Analysis

Advanced LLMs provide human-level reasoning with full explainability for every decision

90% Faster Triage

Reduce MTTR dramatically and eliminate the backlog of unreviewed alerts

🔗

Seamless Integrations

Connect your entire security stack with native connectors and webhooks

🔐

Your Data, Your Control

Self-hosted options, full audit trails, and bring your own API keys

  • 90%: Reduction in triage time
  • 24/7: Automated monitoring
  • 10x: Analyst productivity boost

AI that explains its reasoning

Unlike black-box solutions, Triage Warden shows you exactly why it classified each incident. Every verdict comes with detailed reasoning, IOC extraction, and MITRE ATT&CK mapping.

  • Full explanation of classification logic
  • Confidence scoring with calibrated accuracy
  • Automatic IOC extraction and enrichment
  • MITRE ATT&CK technique identification

AI Verdict — 0.94 confidence
Classification: Malicious (Credential Phishing)

Key Indicators:
• Domain registered 48 hours ago
• SPF, DKIM, DMARC all failed
• URL mimics Microsoft login page
• VirusTotal: 12/70 detections

MITRE ATT&CK: T1566.001, T1078

Policy-driven automation

Define exactly how Triage Warden should respond to different scenarios. Configure approval workflows, automate low-risk responses, and ensure sensitive actions get proper review.

  • Configurable policy rules in YAML/TOML
  • Multi-level approval workflows
  • Automatic response for high-confidence verdicts
  • Complete audit trail for every action

Policy Configuration

[[policy.rules]]
name = "auto_quarantine_phishing"
action = "quarantine_email"
classification = "malicious"
confidence_min = 0.9
decision = "allowed"

Security-first architecture

Built with security as a core principle, not an afterthought. Your security data stays under your control.

🏠

Self-Hosted Option

Deploy in your own environment with full control

📝

Complete Audit Trail

Every action logged and traceable for compliance

🔑

Bring Your Own Keys

Use your own API keys for AI providers

👤

Role-Based Access

Granular permissions for your entire team

Ready to transform your SOC?

See how Triage Warden can reduce alert fatigue and accelerate your incident response.
