[{"data":1,"prerenderedAt":4},["ShallowReactive",2],{"readme:allama":3},"\u003Cp align=\"center\">\n  \u003Cimg src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fdigitranslab\u002Fallama\u002FHEAD\u002Ffrontend\u002Fpublic\u002Ficon.svg\" alt=\"Allama\" width=\"120\" \u002F>\n\u003C\u002Fp>\u003Ch1>Allama\u003C\u002Fh1>\u003Cp align=\"center\">\n  \u003Cstrong>Open-Source AI Security Automation\u003C\u002Fstrong>\n\u003C\u002Fp>\u003Cp align=\"center\">\n  Automate threat detection and response with AI-powered workflows.\u003Cbr \u002F>\n  Self-hosted. 80+ integrations. Built for modern SOC teams.\n\u003C\u002Fp>\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdigitranslab\u002Fallama\u002Fblob\u002Fmain\u002FLICENSE\" rel=\"nofollow ugc noopener\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-AGPL--3.0-blue.svg\" alt=\"License\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002F2mK6h9rp\" rel=\"nofollow ugc noopener\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdiscord\u002F1212548097624903681.svg?logo=discord\" alt=\"Discord\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdigitranslab\u002Fallama\u002Fstargazers\" rel=\"nofollow ugc noopener\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdigitranslab\u002Fallama\" alt=\"GitHub Stars\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\u003Cp align=\"center\">\n  \u003Ca href=\"#why-allama\" rel=\"nofollow ugc noopener\">Why Allama\u003C\u002Fa> •\n  \u003Ca href=\"#features\" rel=\"nofollow ugc noopener\">Features\u003C\u002Fa> •\n  \u003Ca href=\"#quick-start\" rel=\"nofollow ugc noopener\">Quick Start\u003C\u002Fa> •\n  \u003Ca href=\"#architecture\" rel=\"nofollow ugc noopener\">Architecture\u003C\u002Fa>\n\u003C\u002Fp>\u003Chr \u002F>\n\u003Ch2>Why Allama?\u003C\u002Fh2>\n\u003Cp>Security teams face 500+ alerts daily. Manual investigation is slow, inconsistent, and burns out analysts. Legacy SOAR tools cost $100k+ and require consultants to implement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Allama changes this:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>90% faster triage\u003C\u002Fstrong> — AI agents enrich and prioritise alerts automatically\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero vendor lock-in\u003C\u002Fstrong> — 100% open source, self-hosted on your infrastructure\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No coding required\u003C\u002Fstrong> — Visual workflow builder for common automation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enterprise-ready\u003C\u002Fstrong> — Multi-tenant, SSO, audit trails, and compliance controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Chr \u002F>\n\u003Ch2>Features\u003C\u002Fh2>\n\u003Ch3>Visual Workflow Builder\u003C\u002Fh3>\n\u003Cp>Build security playbooks with drag-and-drop. Conditional logic, parallel execution, and loops — no code required.\u003C\u002Fp>\n\u003Ch3>AI-Powered Agents\u003C\u002Fh3>\n\u003Cp>Deploy autonomous agents that understand threats, make decisions, and execute responses. Supports OpenAI, Anthropic, Azure, or self-hosted models via Ollama.\u003C\u002Fp>\n\u003Ch3>80+ Integrations\u003C\u002Fh3>\n\u003Cp>Connect your entire security stack:\u003C\u002Fp>\u003Cp>\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Category\u003C\u002Fth>\n\u003Cth>Tools\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>SIEM\u003C\u002Ftd>\n\u003Ctd>Splunk, Elastic, Datadog, Wazuh\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>EDR\u002FXDR\u003C\u002Ftd>\n\u003Ctd>CrowdStrike, SentinelOne\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Identity\u003C\u002Ftd>\n\u003Ctd>Okta, Microsoft Entra ID, Google Workspace\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Ticketing\u003C\u002Ftd>\n\u003Ctd>Jira, Zendesk, PagerDuty\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Communication\u003C\u002Ftd>\n\u003Ctd>Slack, Microsoft Teams, Email\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Threat Intel\u003C\u002Ftd>\n\u003Ctd>VirusTotal, URLScan, IPInfo, Anomali\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Cloud\u003C\u002Ftd>\n\u003Ctd>AWS, Google Cloud, Kubernetes\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch3>Case Management\u003C\u002Fh3>\n\u003Cp>Track incidents from detection to resolution. Custom fields, task assignment, file attachments, and complete audit trails.\u003C\u002Fp>\n\u003Ch3>Secure Script Execution\u003C\u002Fh3>\n\u003Cp>Run custom Python in isolated WebAssembly sandboxes. Network isolation, resource limits, and full audit logging.\u003C\u002Fp>\n\u003Chr \u002F>\n\u003Ch2>Quick Start\u003C\u002Fh2>\n\u003Cpre>\u003Ccode class=\"language-bash\">git clone https:\u002F\u002Fgithub.com\u002Fdigitranslab\u002Fallama.git\ncd allama\nmake init\nmake dev\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Or use the one-click demo script:\u003C\u002Fp>\n\u003Cpre>\u003Ccode class=\"language-bash\">.\u002Fdemo.sh\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Open \u003Ca href=\"http:\u002F\u002Flocalhost\" rel=\"nofollow ugc noopener\">http:\u002F\u002Flocalhost\u003C\u002Fa> and start building workflows.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements:\u003C\u002Fstrong> Docker, Python 3.12+, 4GB RAM, 10GB disk space\u003C\u002Fp>\n\u003Chr \u002F>\n\u003Ch2>Architecture\u003C\u002Fh2>\n\u003Cpre>\u003Ccode class=\"language-mermaid\">flowchart LR\n    subgraph Sources[\"Data Sources\"]\n        S1[SIEM Alerts]\n        S2[EDR Events]\n        S3[Cloud Logs]\n        S4[Webhooks]\n    end\n\n    subgraph Platform[\"Allama Platform\"]\n        API[API Gateway&lt;br\u002F&gt;FastAPI]\n        WF[Workflow Engine&lt;br\u002F&gt;Temporal]\n        AI[AI Agents&lt;br\u002F&gt;PydanticAI]\n        INT[Integrations&lt;br\u002F&gt;80+ Tools]\n    end\n\n    subgraph Actions[\"Automated Response\"]\n        A1[Enrich &amp; Triage]\n        A2[Contain Threats]\n        A3[Create Cases]\n        A4[Notify Teams]\n    end\n\n    S1 &amp; S2 &amp; S3 &amp; S4 --&gt; API\n    API --&gt; WF\n    WF --&gt; AI\n    AI --&gt; INT\n    INT --&gt; A1 &amp; A2 &amp; A3 &amp; A4\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Component\u003C\u002Fth>\n\u003Cth>Technology\u003C\u002Fth>\n\u003Cth>Purpose\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>API Gateway\u003C\u002Ftd>\n\u003Ctd>FastAPI\u003C\u002Ftd>\n\u003Ctd>Authentication, routing, OpenAPI docs\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Workflow Engine\u003C\u002Ftd>\n\u003Ctd>Temporal\u003C\u002Ftd>\n\u003Ctd>Durable execution with automatic retry\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>AI Agents\u003C\u002Ftd>\n\u003Ctd>PydanticAI + LiteLLM\u003C\u002Ftd>\n\u003Ctd>Multi-model support, tool orchestration\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Sandbox\u003C\u002Ftd>\n\u003Ctd>WebAssembly\u003C\u002Ftd>\n\u003Ctd>Isolated script execution\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Database\u003C\u002Ftd>\n\u003Ctd>PostgreSQL\u003C\u002Ftd>\n\u003Ctd>Persistent storage\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Object Storage\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n",1784240406337]