What is Arsenal Forge?
Arsenal Forge is an open source, AI-powered orchestration platform that supercharges security analysts, blue teams, and SOC operations. Built on the Model Context Protocol (MCP), it automates threat enrichment, intelligence matching, and context-aware response suggestions.

Why Arsenal Forge?
- AI That Works For You: Arsenal Forge leverages cutting-edge LLMs to act as a real-time assistant. It analyzes every alert, finds the signal in the noise, and helps teams prioritize what's truly critical—fast.
- MITRE Mapping: Arsenal Forge automatically ties alerts and threat data to MITRE ATT&CK techniques so defenders can see the tactics, techniques, and procedures (TTPs) behind every detection and act decisively.
- Human in the Loop: We don’t believe in full automation without oversight. Analysts review and approve AI-suggested playbooks, so decisions are always informed, auditable, and accountable.
Key Features
- Plug-and-play integration: Arsenal Forge supports integration with SIEMs, EDR, threat intel feeds, and your custom tools using modular adapters.
- Contextual Intelligence: It automatically checks CISA advisories, MITRE ATT&CK, and your internal rule libraries to build evidence-rich, actionable recommendations.

How Arsenal Forge Works
- Ingests Alerts: Security alerts from your tech stack are routed to Arsenal Forge in real time.
- Maps to MITRE: Alerts are automatically classified using the MITRE ATT&CK framework for contextualization and prioritization.
- AI Playbook Response: Arsenal Forge generates detailed incident analysis and recommended playbooks, helping your team respond effectively and fast.
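The three steps above, condensed into a small Python pipeline as an added illustration (this is not Arsenal Forge's own code and does not use its MCP servers): a keyword lookup table stands in for the MITRE ATT&CK vector store, a fixed step table stands in for the LLM-generated playbook, and a human-in-the-loop gate records which analyst approved the suggestion before anything is acted on. The technique IDs are real ATT&CK identifiers; the alerts, weights and playbook text are constructed for the example.

```python
"""Toy alert -> ATT&CK -> playbook pipeline (added illustration, not Arsenal Forge code)."""
from dataclasses import dataclass, field

# Constructed lookup: alert keyword -> (technique ID, technique name, tactic).
# A real deployment would query the ATT&CK data set or a vector DB instead.
TECHNIQUE_INDEX = {
    "powershell": ("T1059.001", "PowerShell", "Execution"),
    "brute force": ("T1110", "Brute Force", "Credential Access"),
    "phishing": ("T1566", "Phishing", "Initial Access"),
    "scheduled task": ("T1053.005", "Scheduled Task", "Persistence"),
}

# Constructed severity weights per tactic, used only for ordering the queue.
TACTIC_WEIGHT = {"Credential Access": 3, "Execution": 2, "Persistence": 2, "Initial Access": 1}


@dataclass
class Alert:
    alert_id: str
    source: str        # e.g. "edr", "siem"
    message: str


@dataclass
class Enriched:
    alert: Alert
    techniques: list = field(default_factory=list)   # [(id, name, tactic), ...]
    priority: int = 0
    playbook: list = field(default_factory=list)
    approved: bool = False   # human-in-the-loop gate; False until an analyst signs off


def map_to_attack(alert: Alert) -> list:
    """Return every (technique_id, name, tactic) whose keyword appears in the alert text."""
    text = alert.message.lower()
    return [entry for kw, entry in TECHNIQUE_INDEX.items() if kw in text]


def prioritize(techniques: list) -> int:
    """Sum of tactic weights; higher means the analyst should look at it sooner."""
    return sum(TACTIC_WEIGHT.get(tactic, 1) for _, _, tactic in techniques)


def suggest_playbook(techniques: list) -> list:
    """Constructed response steps keyed by technique ID (placeholder for LLM output)."""
    steps = {
        "T1059.001": "Collect the PowerShell command line and script block logs from the host.",
        "T1110": "Lock the targeted account and review authentication logs for source IPs.",
        "T1566": "Quarantine the message and check for other recipients of the same sender.",
        "T1053.005": "Export the scheduled task definition and check its creation time and author.",
    }
    return [steps[tid] for tid, _, _ in techniques if tid in steps]


def enrich(alert: Alert) -> Enriched:
    """Steps 2 and 3: classify against ATT&CK, score, and attach a suggested playbook."""
    techs = map_to_attack(alert)
    return Enriched(alert=alert, techniques=techs, priority=prioritize(techs),
                    playbook=suggest_playbook(techs))


def approve(item: Enriched, analyst: str) -> Enriched:
    """Record that a named analyst reviewed the suggestion; nothing executes before this."""
    item.approved = True
    item.playbook = [f"[approved by {analyst}] {s}" for s in item.playbook]
    return item


# Constructed sample alerts, shaped like what a SIEM or EDR adapter might deliver (step 1).
SAMPLE_ALERTS = [
    Alert("A-1", "edr", "Suspicious PowerShell launched encoded command after scheduled task ran"),
    Alert("A-2", "siem", "Multiple failed logons: possible brute force against svc-backup"),
    Alert("A-3", "siem", "Benign heartbeat"),
]


def triage(alerts: list) -> list:
    """Enrich every alert and return the queue highest priority first."""
    return sorted((enrich(a) for a in alerts), key=lambda e: e.priority, reverse=True)


if __name__ == "__main__":
    for item in triage(SAMPLE_ALERTS):
        ids = [t[0] for t in item.techniques]
        print(f"{item.alert.alert_id} priority={item.priority} techniques={ids}")
        for step in item.playbook:
            print("   -", step)
```

Running it prints A-1 first (two techniques matched, priority 4), then A-2 (one Credential Access technique, priority 3), and the heartbeat last with an empty playbook; the `approved` flag stays false until `approve()` is called, which is the audit point the "Human in the Loop" section describes.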
Architecture Diagram
graph TD
ALERTS["Alerts"] --> MCP["MCP API"]
MCP --> OPENAI["LLM"]
MCP --> MITRE["MITRE ATT&CK"]
MCP --> CISA["CISA Advisories"]
MCP --> VECTOR["Vector DB"]
MCP --> ANALYST["Analyst"]
Arsenal Forge Setup Video
Quickstart to Test a Jupyter Notebook MVP
git clone https://github.com/YOUR_ORG/arsenal-forge.git
cd arsenal-forge
pip install -r requirements.txt
# After cloning, run the following to (re)build the Chroma DB
python scripts/upload_to_chromadb.py
# Start backend servers
python mcp_mitre_server.py
python mcp_memory_server.py
# Launch the example notebook and start forging your defense arsenal!
🚀 How to Run the Full App with a Streamlit Front End
- Upload/Prepare Data
cd scripts
python upload_to_chromadb.py
- Start Backend Servers (in two terminals)
cd backend
python mcp_mitre_server.py
cd backend
python mcp_memory_server.py
- Run the Streamlit Frontend
cd frontend
streamlit run app.py
Tip: Ensure your .env file is configured correctly with API URLs and keys (see .env.example).
The app will be available at http://localhost:8501 by default.
All communications are encrypted (TLS), API access is protected by keys, and user activity is logged securely for audit and monitoring purposes.
🚀 Access & Consulting
This is a private repo. For access, contact: