Aegis IR: offline incident response tool for air‑gapped SOCs
Aegis IR provides a Python CLI and local web dashboard to contain threats, collect forensic triage data, and manage cron rollbacks on isolated Linux systems. It stores state locally, signs every action with HMAC, and defaults to dry‑run for safety. It is aimed at security teams operating in air‑gapped environments who need a dependable, dependency‑free response workflow. Its offline‑first design and signed audit chain set it apart from typical cloud‑dependent IR tools.
View on GitHub → jaradat13/aegis