StackMap
Subscribe

allama vs opensre

Open-source AI security automation (SOAR): visual playbook builder, autonomous triage agents, and 80+ SIEM/EDR/identity/ticketing integrations. Self-hosted, multi-tenant. — versus — Open-source framework for AI SRE agents plus the RL training and evaluation environment they need — connect 60+ tools you already run and investigate incidents on your own infra.

The curated verdict

The same pattern — AI agents automating incident response — pointed at different fires: OpenSRE at production outages, Allama at security alerts. Pick by which pager you carry.

allamaopensre
Stars1798.5k
Forks141.2k
LanguagePythonPython
LicenseAGPL-3.0Apache-2.0
Last activity5 months agoyesterday
Topicssecurity, agentsagents, evals
Curated connections42

allama — the curator's take

The open answer to $100k SOAR contracts: drag-and-drop security playbooks, AI agents that enrich and prioritize the 500-alert firehose, and integrations across the stack you already run (Splunk, CrowdStrike, Okta, Jira…) — with local models via Ollama so nothing sensitive leaves your infra. The honesty check: it's young (~180 stars) and the commit graph has been quiet for months, so treat claims as a pilot to verify, not a deployment to trust — and AGPL-3.0 matters if you embed it in a service. Ingested over the curator's maturity objection: the niche (open AI-SOAR) is real and empty.

opensre — the curator's take

The most serious open attempt at 'SWE-bench for production incidents': not just an agent that greps logs, but a reinforcement-learning environment where SRE agents can actually be trained and scored on distributed failures. Connect the observability stack you already run (60+ integrations) and investigate on your own infrastructure. NOT production-stable — it's a public alpha and says so, APIs will move; and mind the telemetry section plus the vendor (Tracer Cloud) gravity. Adopt the benchmark and ideas today, bet the pager on it later.