A local-first, self-hosted security operations platform. Red team, blue team, decision intelligence, SIEM/SOAR and forensic-grade evidence — in one air-gappable deployment that never phones home.
AegisCore exists because the dominant model for security operations is misaligned with how regulated organisations actually need to work.
Ingestion-based licensing means the more you monitor, the more you pay. Teams end up dropping log sources to control cost — the opposite of what security needs. AegisCore charges a flat per-tier price; ingest everything.
A SaaS SOC platform is a single point of failure and a data-sovereignty problem for regulated environments. AegisCore runs entirely on your own servers and degrades gracefully — it never hard-depends on a remote service.
A language model that invents a CVE or a metric is unacceptable when an auditor is reviewing why an IP was blocked. AegisCore's Decision Engine is fully deterministic — every conclusion is reproducible and explainable.
Most vendors sell you one or two of these and integrate the rest. AegisCore ships all eight in a single installer — designed to work together, audited together, released together.
Controlled offensive security
Authorized, scoped attack simulation driven by a 140-tool integrated arsenal. Every run is gated by explicit scope, operator approval and a hard kill-switch — no unrestricted action is ever possible.
DetailsDetection, correlation, response
Detection engineering on top of the full SigmaHQ baseline and a curated YARA set, with incident correlation, log ingestion and a readable operator timeline.
DetailsDeterministic decision intelligence
A deterministic risk-scoring and recommendation framework. No language model sits in the decision path — every conclusion is reproducible, explainable and free of hallucinated metrics.
DetailsDurable autonomous operations
Parallel, durable, idempotent execution of playbooks with retry semantics, a speculative runner and human approval for any destructive operation.
DetailsForensic-grade chain of custody
Tamper-aware evidence handling with a SHA-256 hash chain, HMAC internal signing and Ed25519 export signing — aligned to NIST SP 800-86.
DetailsIngestion, correlation, automation
Log ingestion over syslog, HTTP, Kafka and NATS, a correlation engine, playbook automation and 30+ integration connectors.
DetailsInstalls clean, runs in the background
Production-grade installers for Windows, Linux and macOS. The runtime works in the background — operators never touch a terminal.
DetailsAudit-ready by default
Continuous, evidence-backed compliance mapping with auto-generated reports for SOC 2, NIS2, HIPAA and ISO 27001 frameworks.
DetailsAegisCore is built to be deployed by the people who will operate it — not only by the engineers who installed it.
A single full-offline package per platform — engine, 140 tools, all detection rules and local AI bundled. No separate dependencies, no package manager, no terminal.
~6 GB · Linux / Windows / macOS
Paste a Professional, Team or Enterprise key — or skip and run the full Community trial. The same installer covers every tier; activation decides what unlocks.
Online or air-gapped envelope
The runtime works in the background. Every action — red team runs, detections, playbooks, evidence export — happens in the Operator UI. Operators never touch a shell.
67-page operator console
A factual comparison against the platforms regulated buyers most often evaluate. Positioning reflects publicly documented product behaviour.
| Capability | AegisCore | Splunk ES | CrowdStrike | Wazuh |
|---|---|---|---|---|
| Deployment model | Local-first, air-gappable | Cloud-first direction | Cloud-only | Self-hosted |
| Pricing model | Flat per-tier | Per-GB ingested | Per-endpoint | Free / paid support |
| Offensive + defensive in one | Yes — 8 pillars | Defensive only | Defensive only | Defensive only |
| Decision layer | Deterministic, no LLM | LLM assistant | LLM assistant | None |
| Evidence chain | Ed25519 + SHA-256, NIST 800-86 | Log retention | Cloud retention | Log retention |
| Commercial support | All paid tiers | Enterprise | Enterprise | Separate contract |
Comparison reflects publicly documented product positioning as of 2026. Vendor names are trademarks of their respective owners.
The Community edition is the complete AegisCore build — 140 tools, 3,862 detection rules, local AI, all eight pillars. Run it on your own hardware in minutes.