Surgical Threat Intelligence
Without the Noise.

VANTAGE is an open-source, fast, and explainable verdicts platform for SOC teams. Stop guessing. Start acting.

vantage-soc/terminal
[14:22:01] INFO Parallel routing initiated for suspicious payload...
[14:22:02] QUERY VirusTotal, AbuseIPDB, Shodan responding...
[14:22:03] ALERT Verdict: HIGH RISK. Ransomware IOCs detected.
[14:22:03] DONE Natural-language summary generated. Triaged in 2.3s.
> _

Built for the Modern Operator

More than just a lookup tool. An entire workspace to triage feeds, recon, manage watchlists, and control exposure.

Parallel Threat Intel

Queries multiple sources (VirusTotal, AbuseIPDB, Shodan, OTX) simultaneously for near-instant contextual enrichment.

Enterprise Grade IAM

Complete RBAC, TOTP MFA, Active Session Revocation, and rigorous audit trails integrated directly into the core.

Transparent & Auditable

Open-core logic (AGPLv3) ensures transparency. You verify the models, inspect the codebase, and manage the deployment.

Workspace Flow

Not a mere API wrapper. It presents structured analysis feeds, watchlists, hunting dashboards, and historical logging seamlessly.

Optional Companion

Meet SOCC

SOC Copilot (SOCC) is a local-first helper explicitly designed to integrate with VANTAGE. We didn't want to force AI into the core product, so it lives as an optional, installable CLI & API plugin. Run it locally via Ollama to orchestrate threat feeds, parse complex EDR payloads, and automatically draft operational summaries for your alerts without sending sensitive telemetry to the cloud.

Local-first LLM inference (Ollama) | Payload Triaging | Drafts & Verdicts generation

$ socc analyze --file payload.txt
✔ Payload parsed (EDR Alert)
✔ IOCs extracted: 3 domains, 1 IP
✔ Context retrieved from VANTAGE feed

Generating local operational draft...
No cloud endpoints accessed.