Terminal-native docs for local-first SecOps

Security operations docs for teams that keep telemetry close.

Use SecOpsAI to collect from OpenClaw and host systems, correlate findings, orchestrate triage, and deploy monitoring workflows without giving up operator control.

OpenClaw, macOS, Linux, Windows, Triage orchestration, Threat intel
docs.secopsai.dev
```
$ secopsai refresh --platform macos,openclaw
[OK] host + OpenClaw telemetry collected
[OK] findings persisted to local SOC store

$ secopsai correlate
[OK] cross-platform correlation complete

$ secopsai triage orchestrate --search-root ~/secopsai
QUEUED review ACT-0001 (tune_policy)
```

Manifesto

Modern threats move across OpenClaw, macOS, Linux, and Windows. These docs are organized around the workflows that close the gap: collection, correlation, triage, and human review.

Capabilities

The stack behind the docs.

These guides map to the core operating surfaces in SecOpsAI, so you can move from first install to mature operations without changing mental models.

Quick Start

Deploy in minutes.

Install the environment, refresh telemetry, correlate findings, and run triage from one straightforward command flow.

```bash
# Install and initialize
curl -fsSL https://secopsai.dev/install.sh | bash
cd ~/secopsai
source .venv/bin/activate

# Refresh telemetry
secopsai refresh
secopsai refresh --platform macos,openclaw

# Correlate findings
secopsai correlate

# Run triage
secopsai triage orchestrate --search-root ~/secopsai
```

OpenClaw (Production): Primary native telemetry integration and reference workflow.

macOS (Production): Host telemetry collection and local findings generation.

Linux (Beta): Ready for deployment with journalctl and auditd-backed sources.

Windows (Beta): Ready for deployment with Event Logs and Sysmon workflows.