LogManthan
An AI-powered security-operations platform — LLM-driven investigation, automated report generation, and a chat operator interface.
LogManthan is a modular, AI-powered security-operations (SOC) platform. Analysts drive their entire security stack from a chat operator interface, where an LLM reaches live tooling through a set of Model Context Protocol (MCP) servers — querying an open-source SIEM/XDR, running endpoint forensics, and walking a multi-stage incident-response pipeline (isolate → collect → hash → timeline → AI analysis → PDF report) without leaving the conversation. I worked across the platform: building MCP servers that expose dozens of security tools to the LLM, wiring them into the operator interface, and building the reporting layer — an LLM-driven engine that turns a period of alerts and vulnerabilities into a schema-validated PDF report, plus a customer-facing portal that schedules and delivers those reports with retry tracking and admin governance.
Highlights
- Built Model Context Protocol (MCP) servers that expose dozens of security tools to the chat operator's LLM — SIEM/XDR queries with DSL search and MITRE ATT&CK support, plus endpoint forensics over gRPC/mTLS — packaged as SSE-transport Docker services.
- Wired those tools into the chat operator interface so an analyst can investigate, threat-hunt and run forensics entirely through conversation.
- Built an LLM-driven report engine: it pulls a time period of alerts and vulnerabilities, generates content against a strict JSON schema, and renders a templated HTML → PDF security report.
- Shipped the customer-facing reporting portal — self-onboarding, agent registration, daily/weekly/monthly schedules, dashboard/email delivery with rolling email-retry tracking and full admin governance — on React/Vite/Express/PostgreSQL/Prisma, Dockerized.
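The schema-validated report step above is the part of the pipeline where untrusted model output meets an HTML template, so it is worth showing concretely. The following is an added example, not LogManthan's own code: a strict validator that rejects missing, malformed or unexpected fields in the LLM's JSON, followed by a renderer that HTML-escapes every string before it reaches the template. The field names, severity enum, limits and both sample model outputs are assumptions constructed for this illustration.

```javascript
// Added example (not LogManthan's code): gate LLM-generated report content behind
// a strict schema and escape it before templating. Field names, the severity
// enum, length limits and the sample outputs below are all assumptions.

const SEVERITIES = ['critical', 'high', 'medium', 'low', 'informational'];
const ISO_DATE = /^\d{4}-\d{2}-\d{2}$/;
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Strict schemas: every listed key is required and nothing else is allowed, so a
// model that invents fields (e.g. a raw HTML blob) is rejected rather than rendered.
const FINDING_SCHEMA = {
  id: (v) => typeof v === 'string' && /^F-\d{1,4}$/.test(v),
  severity: (v) => SEVERITIES.includes(v),
  title: (v) => typeof v === 'string' && v.length > 0 && v.length <= 120,
  description: (v) => typeof v === 'string' && v.length <= 2000,
  count: (v) => Number.isInteger(v) && v >= 0,
};

const REPORT_SCHEMA = {
  title: (v) => typeof v === 'string' && v.length > 0 && v.length <= 120,
  period: (v) =>
    isPlainObject(v) && Object.keys(v).length === 2 &&
    ISO_DATE.test(v.start) && ISO_DATE.test(v.end) && v.start <= v.end,
  summary: (v) => typeof v === 'string' && v.length <= 4000,
  findings: (v) => Array.isArray(v) && v.length <= 50,
};

// Check one object against a schema; returns a list of human-readable errors.
function checkObject(obj, schema, path) {
  if (!isPlainObject(obj)) return [`${path}: expected object`];
  const errors = [];
  for (const key of Object.keys(schema)) {
    if (!hasOwn(obj, key)) errors.push(`${path}.${key}: missing`);
    else if (!schema[key](obj[key])) errors.push(`${path}.${key}: invalid`);
  }
  for (const key of Object.keys(obj)) {
    if (!hasOwn(schema, key)) errors.push(`${path}.${key}: unexpected key`);
  }
  return errors;
}

// Validate the whole report, including each finding, and collect all errors.
function validateReport(report) {
  const errors = checkObject(report, REPORT_SCHEMA, 'report');
  if (isPlainObject(report) && Array.isArray(report.findings)) {
    report.findings.forEach((f, i) =>
      errors.push(...checkObject(f, FINDING_SCHEMA, `report.findings[${i}]`)));
  }
  return { ok: errors.length === 0, errors };
}

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Render only a validated report; every string is escaped, count is a checked integer.
function renderHtml(report) {
  const { ok, errors } = validateReport(report);
  if (!ok) throw new Error('report rejected: ' + errors.join('; '));
  const rows = report.findings.map((f) =>
    `<tr><td>${escapeHtml(f.id)}</td><td>${escapeHtml(f.severity)}</td>` +
    `<td>${escapeHtml(f.title)}</td><td>${f.count}</td></tr>`).join('');
  return `<h1>${escapeHtml(report.title)}</h1>` +
    `<p>${escapeHtml(report.period.start)} to ${escapeHtml(report.period.end)}</p>` +
    `<p>${escapeHtml(report.summary)}</p><table>${rows}</table>`;
}

// Constructed sample of a well-formed model response (not real alert data).
const GOOD_OUTPUT = {
  title: 'Weekly Security Report',
  period: { start: '2024-03-04', end: '2024-03-10' },
  summary: 'Two high-severity alerts; no confirmed compromise.',
  findings: [{
    id: 'F-1', severity: 'high', title: 'Brute-force login attempts on <agent-7>',
    description: 'Repeated SSH authentication failures from one source.', count: 42,
  }],
};

// Constructed sample the validator must reject: a severity outside the enum and
// an invented field carrying markup.
const BAD_OUTPUT = {
  ...GOOD_OUTPUT,
  findings: [{ ...GOOD_OUTPUT.findings[0], severity: 'urgent', rawHtml: '<b>x</b>' }],
};

// Usage: a rejected report never reaches the PDF step.
console.log(validateReport(BAD_OUTPUT).errors);
console.log(renderHtml(GOOD_OUTPUT));
```

Two design points carry the security weight here: the schema is closed (unknown keys fail, which is what turns "strict JSON schema" into an actual control against hallucinated or injected fields), and escaping happens at render time on every string, so a finding title that contains angle brackets becomes text in the PDF rather than markup in the template.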