Platform Software

The SOCCRATES Platform consists of multiple components. Each component provides a particular service within the security automation and decision support platform. On this webpage the software is listed for each component, including information on where to get the software and instructions for installation. The SOCCRATES Platform can be deployed as a whole, or individual SOCCRATES components can be integrated within your own security infrastructure. See deliverables D2.3 SOCCRATES platform System Architecture & Interface Specification and D6.4 Final version of the SOCCRATES Platform for more information.

Click on the SOCCRATES component in the figure below to get more information.

Get in contact


MiddleMan is a software component designed by TNO to improve detection of DGA domains within the AAD based on the list of domains labelled as DGA by DGA Detective and provided via the Shadowserver API.

Available on …

AAD Cortex Responder

To enable the OIE to inform the AI based Attack Detection component to be informed of changes in infrastructure (i.e. new vulnerable host or new asset) the AAD Cortex Responder was developed. The information is used by REASENS.

Available on:


REASENS Framework is a hierarchical REAsoning system that enables the collection of events from distributed and heterogeneous SENSors. REASENS provides among others alert correlation and system state inference (under attack, normal operation, erroneous operation). REASENS was developed by AIT.

REASENS is available on <add link>


AMiner (logdata Anomaly Miner) is part of the ÆCID system, a log-based anomaly detection system operating on logs collected from the network layer (e.g., firewalls, switches, routers) and application layer (e.g., Web servers, DNS, application servers etc.). AMiner was developed by AIT. For more information see ÆCID.

AMiner is available on

ABC Tool

ABC Tool is a netflow-based anomaly detection, developed by TNO, for internal host communication profiling to detect a.o. lateral movement and data exfiltration.

Contact TNO for information on how to obtain ABC Tool: <add email address>

DNS Ninja

DNS Ninja is an anomaly detection products developed by TNO that allows you to monitor internal DNS traffic and provides insight into potentially malicious nodes in your infrastructure.

DNS Ninja is a product of SightLabs. Contact SightLabs for information.


L-ADS is a netflow-based anomaly detection tool developed by Atos.

Contact Atos for information on how to obtain L-ADS:

Copyright 2022 Soccrates
Developed by Convident