Tools Reference
Aithroyz supports 28 tools across SIEM, XDR, red team, DFIR, CTI, monitoring, AI, DevOps, and infrastructure categories. Mix and match based on your use case, or use a preset.
All tools are deployed as Docker containers on GCE virtual machines. Every tool gets its own HTTPS subdomain and is protected by Google SSO. Credentials (admin username + password) are generated per-deployment and shown in the environment detail page.
📊 Elastic Stack (SIEM): Elasticsearch + Kibana for log ingestion, search, correlation, and alerting.
🛡 Wazuh (XDR): Open-source XDR — endpoint monitoring, file integrity, vulnerability detection.
🎯 MITRE Caldera (Red Team): Automated adversary emulation. Runs ATT&CK techniques to test detection coverage.
🐝 TheHive & DFIR-IRIS (Case Mgmt): Security case management, evidence tracking, IOC management, and investigation timelines.
🦖 Velociraptor (Forensics): Live endpoint forensics — artifact collection, threat hunting, and remote response via VQL.
🌐 OpenCTI (CTI): Threat intelligence platform. Manage IOCs, TTPs, threat actors, and STIX/TAXII feeds.
⚡ Shuffle SOAR (SOAR): Drag-and-drop security orchestration. Build response playbooks without writing code.
📈 Grafana + Prometheus (Monitoring): Metrics collection and dashboarding for SOC infrastructure health.
🔄 n8n (Automation): Workflow automation — connect any API, trigger on events, build integrations visually or with code.
📡 Uptime Kuma (Monitoring): Status monitoring for sandbox tools. Instant alerts via Mattermost, Slack, or webhook.
🤖 LLM Gateway (AI): OpenAI-compatible proxy for Claude, GPT-4, and Gemini — one endpoint and API key for all tools.
💬 Open WebUI (AI): ChatGPT-style interface with document RAG, custom personas, and multi-model support.
🧩 Flowise (AI): Visual LangChain builder — drag-and-drop RAG pipelines and AI agent flows.
🦞 OpenClaw (AI): Multi-channel AI gateway — connect Telegram, Discord, Slack, and WhatsApp to a private AI agent.
🦙 Ollama (AI): Local LLM runner — Llama 3, Mistral, Phi-3, CodeLlama — no API key, no external calls.
🔍 Qdrant (AI): Vector database for semantic search and RAG. Pre-wired to Flowise when deployed together.
🔭 Langfuse (AI): LLM observability — trace AI calls, run evals, manage prompts, track cost and quality.
🐳 Portainer (Containers): Docker management UI — containers, images, volumes, and stacks without SSH.
🐙 Gitea (DevOps): Self-hosted Git with PRs, issues, and Gitea Actions CI/CD (GitHub-compatible YAML).
🔎 SonarQube (DevOps): Static code analysis for bugs, vulnerabilities, and code smells with quality gates.
💻 Code Server (DevOps): VS Code in your browser with direct access to the sandbox network.
💬 Mattermost (Comms): Self-hosted team chat — Slack-compatible, alerting sink for Grafana and Wazuh.
🗄 MinIO (Storage): S3-compatible object storage for artifacts and backups. Use any AWS SDK or CLI.
📉 Metabase (Analytics): BI dashboards and SQL queries over any database — visual builder and raw SQL.
🔐 HashiCorp Vault (Security): Secrets management — API keys and passwords fetched at runtime with audit logging.
🔑 Keycloak (Identity): SSO with OIDC/SAML, MFA, Google federation, and role-based access control.
🗺 NetBox (Infra): IP address management and network documentation — source of truth for your sandbox.
☁️ LocalStack (Cloud): AWS emulation — S3, Lambda, DynamoDB, SQS, and 50+ services without an AWS account.