The eye does not close.
Lidless Labs builds open-source SOC, network, and homelab tooling for MCP clients and AI-assisted operations. The work is local-first, MIT licensed where possible, and shaped around real systems that have to be queried under pressure.
- wazuh-mcp - Wazuh SIEM/XDR: alerts, agents, vulnerabilities, and rules.
- misp-mcp - MISP threat intelligence: IOC lookups, correlation, and exports.
- suricata-mcp - Suricata IDS/IPS EVE JSON alert analysis and rule workflows.
- thehive-mcp - TheHive incident response: cases, alerts, tasks, and observables.
- cortex-mcp - Cortex analyzers and responders for observable analysis.
- mitre-mcp - MITRE ATT&CK mapping, group profiling, and detection-gap analysis.
- zeek-mcp - Zeek + Suricata NSM log querying and correlation.
- hotwash - SOC playbook parser with Mermaid diagrams and Wazuh alert ingestion.
- soc-stack - Full open-source SOC architecture: MCP servers, detection pipelines, and playbooks.
- cyberbrief - AI threat-intel briefings with BLUF reports and ATT&CK mapping.
- intel-workbench - Structured analytic techniques: ACH matrices and STIX export.
- maltego-mcp - Maltego graph authoring and OSINT lookups for whois, DNS, and ASN.
- vervet - Threat hunting for Zeek and Suricata logs with per-host risk scoring.
- librenmsctrl - LibreNMS devices, ports, alerts, acknowledgements, and maintenance windows.
- n8nctrl - n8n workflow inspection, validation, execution, and ops automation.
- watchtower - NOC dashboard with interactive topology and LibreNMS/Proxmox integration.
- portgrid - Switch-port visualization for LibreNMS with color-coded views and search.
- cutsheet - Network change intelligence: watches device configs and tells you what changed.
- eero-cli - CLI for the eero mesh API with non-interactive auth and device filtering.
- proxmox-mcp - Proxmox VE inventory and safe-write VM, container, and node operations.
- adguardctrl - AdGuard Home DNS filtering across read, safe-write, and destructive tiers.
- immichctrl - Immich photo library search, albums, people, and duplicate workflows.
- jellyctrl - Jellyfin playback sessions, library scans, and user admin.
- proxguard - Proxmox security auditor with CIS benchmarks and remediation scripts.
- samba-ad-migration - Windows AD to Samba file-share migration scripts for Proxmox.
Visit lidless.dev for the watch floor, then start with the tool that matches the system you already run.