Threat monitoring, analysis, and automated response — with full control over your data.
From git clone to running scans with Docker Compose.
Integrated services
Security tools
Open source
Clone the repository, copy the environment file, and start the stack.
$ git clone https://github.com/fabriziosalmi/wildbox.git
$ cd wildbox
$ cp .env.example .env
$ docker compose up -d
# Dashboard available at http://localhost:3000
Generates keys and configuration on first run. Override anything through the .env file.
Independent microservices orchestrated with Docker Compose. Run the full stack or just the services you need.
Health checks, restart policies, and persistent volumes are configured in the Compose files out of the box.
Modular services that work together — use what you need, ignore the rest.
Aggregate threat data from 50+ sources for IOC lookups and enrichment in one place.
Scan AWS, Azure, and GCP for misconfigurations and track your cloud security posture over time.
Scan, prioritize, and track vulnerabilities (CVEs) across your assets through to remediation.
Orchestrate incident response with YAML-based playbooks for repeatable, automated workflows.
Use large language models for threat analysis and report generation. Bring your own provider.
Users, teams, and role-based access control (RBAC) behind a single authenticated API gateway.
Bring up the services with Docker Compose. Each component is an independent microservice behind the API gateway.
Add cloud accounts (AWS, Azure, GCP), endpoints, and applications. Telemetry flows into a shared data lake.
Run continuous scans for vulnerabilities and misconfigurations, and pull in threat intelligence feeds.
Trigger YAML playbooks for automated response, and use LLM analysis to summarize findings.
It's open source under the MIT license — modify, extend, and integrate freely. No vendor lock-in.
Run security operations on your own infrastructure, keeping full data sovereignty and avoiding vendor lock-in.
A modular, extensible platform to customize and integrate with your existing tools and workflows.
Security visibility for self-hosted infrastructure, without depending on proprietary cloud security tooling.
Build threat intelligence pipelines and prototype detection ideas against real security data.
Clone the repository and have the platform running on your own infrastructure.