About SOC.Workflows

Built by a defender, for defenders.

Gaurav Kundu
Security Analyst | SOC & Threat Hunting | Incident Response | SIEM
Berlin, Germany
Connect on LinkedIn

Why I Built SOC.Workflows

After working in SOC environments, I kept seeing analysts paste random prompts into AI tools and get inconsistent results.

Real investigations follow structured steps — decode the command, analyze behavior, check logs, produce a report. But most AI prompt libraries don't reflect how analysts actually work.

SOC.Workflows was built to turn real investigation processes into structured AI workflows that analysts can actually use during live investigations — not just for learning, but for getting work done faster.

What SOC.Workflows Is

SOC.Workflows IS
  • A free AI investigation workflow library
  • Designed for individual SOC analysts
  • Works with ChatGPT, Claude, or any LLM
  • Built on real investigation processes
  • No signup, no cost, no lock-in

SOC.Workflows is NOT
  • An automated SOC platform
  • A replacement for your SIEM or EDR
  • An AI agent that investigates for you
  • A commercial product

What's Next

If SOC.Workflows proves useful for analysts, the plan is to expand the workflow library based on community feedback, add community-contributed workflows, and build deeper investigation tooling for common SOC scenarios.

Have a workflow idea? Submit it here.