Open source · Wazuh powered · BYO infrastructure · BYO LLM
A Wazuh powered,
AI first SOC platform.
Built for MSPs and MSSPs that want to deliver SOC services on their own terms. Open source. Self-host on your own infrastructure, bring your own LLM, keep your customer relationships, and turn daily SOC activity into security posture and compliance evidence.
Same open source SocTalk whether you self-host, run it as your MSP or MSSP platform, or use SocTalk Cloud for managed control plane and support.
SocTalk Cloud is available now. We're onboarding a small group of founding customers and working closely with them on deployment, operations, and reporting.
Built for MSPs and MSSPs
Wazuh powered SIEM foundation
Detection runs on Wazuh, the open source SIEM with no licensing cost. The same engine runs whether you self-host, operate it as your MSP or MSSP platform, or use SocTalk Cloud for managed control plane and support. No commercial SIEM contract eating margin per customer.
AI assisted SOC workflows
Bring your own LLM. OpenAI, Anthropic, Gemini, a local Ollama or vLLM, your choice. The platform turns alerts into investigations with verdicts, evidence, and analyst-ready notes. Humans stay in the loop. No agents acting on their own, no analysts replaced.
Bring your own infrastructure
Run customer tenants where the economics make sense. A cheap VPS, Hetzner, OVH, bare metal, private cloud, customer infrastructure, or AWS, GCP, or Azure when needed. SocTalk Cloud manages the control plane. The SOC data plane stays where you want it.
Open source. No vendor lock in.
SocTalk is Apache 2.0. Multi-tenant, AI assisted, and full featured out of the box. Not a stripped down community edition designed to force an upgrade. Use SocTalk Cloud or commercial support when they help. The product keeps working either way.
How MSPs and MSSPs deliver SOC
A different way to deliver SOC.
Not a wholesale SOC desk. A Wazuh powered, AI first platform for providers that want to keep control of their infrastructure, customer relationships, and margins.
| Dimension | Traditional MSSP SOC delivery Provider stands up their own SIEM and tooling stack. | Wholesale SOC as a Service Provider outsources SOC delivery to an upstream desk. | SocTalk model Open source platform layer. Provider keeps delivery. |
|---|---|---|---|
| SIEM economics | Commercial SIEM licenses or volume based pricing | Bundled into the upstream provider's stack | Wazuh powered, zero licensing cost |
| Infrastructure | Custom stack or vendor mandated infrastructure | Whatever the upstream provider runs on | BYO from VPS to private cloud to hyperscaler |
| LLM layer | Usually no flexible AI layer, vendor add-ons if any | Whatever the upstream provider uses | BYO LLM. OpenAI, Anthropic, Gemini, Ollama, or vLLM |
| Analyst operations | Scales with human workload and manual process | Outsourced to the upstream SOC desk | Analysts stay in-house with AI assisted workflows |
| Customer ownership | Provider owns the relationship | Delivery dependency shifts upstream | Provider keeps relationship, data plane, and delivery |
| Compliance evidence | Spreadsheets, GRC tools, or manual reporting | Whatever the upstream provider exposes | Generated from SOC activity itself, no separate tool |
| Lock in | Vendor data, workflows, contracts, portals | Upstream provider dependency | Open source. Self-host. Cloud is optional. |
| Scaling economics | Gets expensive for smaller and mid-market customers | Improves coverage but consumes margin | Designed for low cost multi-tenant delivery |
The MSP or MSSP keeps the customer relationship, infrastructure, analyst capacity, and delivery model. SocTalk is the platform layer underneath. Not a staffing provider, not a SOC desk.
Get started
Two paths.
Open source is free, fully featured, and self-hostable on your own infrastructure. SocTalk Cloud is available now to a small founding-customer cohort. Cloud pricing is handled in a 30-minute call, not on the marketing site.
Open Source
Self-host on your own infrastructure.
Apache 2.0 forever. Full platform with no feature gates. Run it where the economics make sense.
- Full platform. Multi-tenant, AI assisted, no feature gates
- BYO infrastructure (VPS, bare metal, private cloud, hyperscaler)
- BYO LLM (OpenAI, Anthropic, Gemini, Ollama, vLLM)
- Community support on GitHub and Discord
SocTalk Cloud
Available now to founding customers.
Managed control plane and direct support from the platform team. Pricing is shaped in the conversation rather than published while the cohort is small.
- Hosted control plane and lifecycle management
- BYO Wazuh data plane in your infrastructure
- White-label tenant portals and branding
- Direct platform-team Slack channel during onboarding
- Discounted founding-customer pricing for year one
- Operated by Atricore Inc., Wazuh partner
SocTalk Cloud does not require us to host your SOC data plane. The same open source SocTalk can connect to Wazuh running in your cloud, your customer's cloud, or your MSP or MSSP infrastructure. Day-to-day alert ownership stays with you and your analysts.
Run SocTalk on your own infrastructure.
Clone the open source repo and run it locally. A hosted sandbox with synthetic SOC data is launching soon.