AZAZEL-EDGE | OPERATIONAL | Black Hat USA 2025 Arsenal | Black Hat Asia 2026 Arsenal | Black Hat USA 2026 Arsenal
AZAZEL-EDGE Emergency SOC/NOC Gateway

Field ops,
locally controlled.

Lightweight gateway for emergency triage. Runs on Raspberry Pi. Deterministic evaluation engine — AI is advisory only, never the decision maker.

A deterministic SOC/NOC gateway that runs on a Raspberry Pi. No cloud needed; AI assists only.

$ sudo systemctl status azazel-edge
● azazel-edge.service - Azazel Edge Core
   Active: active (running) since 04:21:13 UTC
   Main PID: 1337

$ azazel status
┌── AZAZEL-EDGE STATUS ──────────────────┐
│ NOC state     : DEGRADED               │
│ SOC state     : ELEVATED               │
│ Action        : NOTIFY                 │
│ Active alerts : 3                      │
│ Uptime        : 02:14:37               │
└────────────────────────────────────────┘


Five actions. No ambiguity.

The arbiter selects exactly one action per evaluation cycle, with a traceable decision log and rejected alternatives. AI advice is input — not the verdict.

01 OBSERVE:  Monitor and collect. No active response required.
02 NOTIFY:   Alert operator. Escalation required.
03 THROTTLE: Rate-limit traffic from suspect source.
04 REDIRECT: Divert traffic to analysis path.
05 ISOLATE:  Cut off host from network segment.
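As an added example (not Azazel-Edge's own code), a minimal arbiter in Rust in the spirit of the description above: exactly one of the five actions per cycle, the losing alternatives recorded, and AI advice logged but never able to change the outcome. The state names, the rule table and the advice handling are assumptions, chosen so that the NOC DEGRADED / SOC ELEVATED combination shown in the status box yields NOTIFY.

```rust
// Added illustration, not Azazel-Edge's own code. State enums, rule table and
// AI-advice handling are assumptions made for this example.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Action { Observe, Notify, Throttle, Redirect, Isolate }
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum NocState { Normal, Degraded, Down }
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SocState { Normal, Elevated, Critical }

/// Optional advice from the LLM; treated as evidence, never as the verdict.
pub struct Advice { pub suggested: Action, pub rationale: &'static str }

#[derive(Debug, PartialEq, Eq)]
pub struct Decision {
    pub action: Action,
    pub reason: &'static str,
    pub rejected: Vec<(Action, String)>, // alternatives and why they lost
    pub ai_overruled: bool,
}

/// Fixed rule table (assumed), evaluated top to bottom: same inputs, same action.
fn rule(noc: NocState, soc: SocState) -> (Action, &'static str) {
    match (noc, soc) {
        (_, SocState::Critical) => (Action::Isolate, "SOC critical: confirmed hostile host"),
        (NocState::Down, _) => (Action::Notify, "NOC down: operator must intervene"),
        (NocState::Degraded, SocState::Elevated) => (Action::Notify, "degraded link with suspicious load"),
        (NocState::Degraded, SocState::Normal) => (Action::Throttle, "capacity issue, no security signal"),
        (NocState::Normal, SocState::Elevated) => (Action::Redirect, "suspicious traffic, divert to analysis"),
        (NocState::Normal, SocState::Normal) => (Action::Observe, "nothing to act on"),
    }
}

/// One evaluation cycle: one action, the rejected alternatives, and a flag
/// recording that the AI suggestion differed from the rule outcome.
pub fn arbitrate(noc: NocState, soc: SocState, advice: Option<&Advice>) -> Decision {
    let (action, reason) = rule(noc, soc);
    let all = [Action::Observe, Action::Notify, Action::Throttle, Action::Redirect, Action::Isolate];
    let mut rejected: Vec<(Action, String)> = all.iter().filter(|a| **a != action)
        .map(|a| (*a, "not selected by rule table".to_string())).collect();
    let mut ai_overruled = false;
    if let Some(adv) = advice.filter(|a| a.suggested != action) {
        ai_overruled = true; // the AI's alternative is logged, not adopted
        for e in rejected.iter_mut().filter(|(a, _)| *a == adv.suggested) {
            e.1 = format!("AI suggested, not adopted: {}", adv.rationale);
        }
    }
    Decision { action, reason, rejected, ai_overruled }
}
```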

Deploy in under an hour.

Azazel-Edge turns a Raspberry Pi into an emergency SOC/NOC gateway. Internal network, DHCP, NAT forwarding, threat triage, and operator UI — all from one installer.

Turns a Raspberry Pi into an improvised SOC/NOC gateway: internal network, DHCP, NAT, threat triage and operator UI from a single installer.

  • Temporary venue / field office
  • No cloud, no SIEM required
  • Working gateway + triage in <1 hr

Not a black box.

Every decision is deterministic and auditable. AI advisory via Ollama is optional and bounded — all core functions work fully offline without it.

Every decision is deterministic and auditable. AI advisory is assistance only. Runs fully without the cloud.

  • Not a production SIEM replacement
  • Not an autonomous AI decision maker
  • Not cloud-dependent

Event pipeline

INGESTION: Suricata EVE, NetFlow v5, SNMP Poller, Wazuh
  -> Rust Core (normalize + bridge)
  -> Evidence Plane

EVALUATION: NOC Evaluator, SOC Evaluator
  -> Action Arbiter (deterministic, auditable)
  -> Decision + Audit

OPERATOR PLANE: Web UI / API, Mattermost, Audit Log, TAXII 2.1

AI ASSIST (optional): AI Governance, Ollama LLM (advisory only; the arbiter has final say)

Built for field use

Offline first

Zero cloud dependency. Deploy to event venues, disaster sites, or air-gapped network segments.

No cloud needed. Works at event venues, disaster sites and in air-gapped environments.

Deterministic logic

Fixed-rule NOC and SOC evaluators produce exactly one action with a traceable decision explanation.

Fixed-rule NOC/SOC evaluators deterministically output one action together with its explanation.

AI advisory

Local Ollama integration for narrative summaries. AI is bounded — advises only, arbiter decides.

A local Ollama instance generates summaries and advice. AI assists only; the arbiter decides.

Runbook workflow

Structured runbooks guide operator response for fast, repeatable, auditable incident handling.

Structured runbooks deliver fast, repeatable incident response.

Multi-source ingestion

Suricata EVE, NetFlow v5, SNMP polling, Wazuh — all normalized via Rust core into a unified evidence plane.

Suricata, NetFlow, SNMP and Wazuh are normalized and unified by the Rust core.

STIX / TAXII export

Read-only TAXII 2.1 API and STIX exporter for intel sharing and downstream tool integration.

Supports threat-intelligence sharing via a TAXII 2.1 API and STIX export.

From zero to gateway

install.sh — Azazel-Edge
# 1. Clone the repository
$ git clone https://github.com/01rabbit/Azazel-Edge.git && cd Azazel-Edge

# 2. Run the interactive installer (Raspberry Pi OS / Debian)
$ sudo bash installer/install.sh

# 3. Optional: add SNMP and NetFlow v5 sensors
$ sudo bash installer/install_sensors.sh

# 4. Verify service is running
$ sudo systemctl status azazel-edge

# 5. Launch deterministic demo (no live traffic required)
$ azazel-edge-demo
▶  Demo running at http://localhost:5000

When to deploy

01 Event venue monitoring

Temporary network segment at conferences, CTF events, or competition venues needing first-response triage without a full SIEM.

For temporary network monitoring at CTFs, conferences, competition venues and similar events.

02 Disaster response

Stand up a command post SOC/NOC at a disaster site with no cloud connectivity in under an hour.

Stand up an improvised SOC/NOC with no cloud at a disaster-response site in a short time.

03 Red team / exercises

Field operations baseline for security exercises, red team engagements, and incident response training environments.

As an improvised operational base for red teams, exercises and IR training.

Operator resources