Detect C2 evasion. Triage automatically. Remediate instantly.
Validated on real Merlin QUIC C2 malware — z-score 14.76, 490K packets, 0% false positives.
▶ Live Dashboard · API Docs · Full API Reference · Contributing
FusionOps is an open-core agentic SecOps platform. One API call runs your traffic through three autonomous agents and returns a complete detection, triage, and remediation result.
Input (PCAP / JSON signals / scenario)
↓
[1] ThreatFade — entropy + z-score C2 detection
↓
[2] Triage Agent — priority, category, recommended action
↓
[3] Remediation Agent — ordered action plan + audit trail
↓
FullAnalysisResult in <100ms
Why this matters: Signature-based tools miss C2 evasion because adversaries deliberately quiet their channels. FusionOps detects the absence of signal — the entropy drop itself — not just known malware patterns.
Dashboard: https://fusionops.tinlance.com/dashboard
API: https://fusionops.tinlance.com/docs
# Try it right now — no setup needed
curl -X POST https://fusionops.tinlance.com/detect/scenario \
-H "Content-Type: application/json" \
-d '{"scenario": "c2_quieting"}'| Metric | Result |
|---|---|
| PCAP Size | 90.85 MB |
| Packets Analysed | 490,565 |
| Active C2 Sessions | 521 |
| Z-Score | 14.76 (CRITICAL) |
| Detected | ✅ YES |
| MITRE TTP | T1027 – Obfuscated Files/Information |
| False Positives | 0% |
| Malware | Z-Score | Result |
|---|---|---|
| Merlin QUIC C2 | 14.76 | ✅ Detected |
| Cobalt Strike | 7.01 | ✅ Detected |
| IcedID | 3.89 | ✅ Detected |
git clone https://github.com/Tinlance/fusionOps.git
cd fusionOps
pip install -r requirements.txtcp .env.example .env
# Edit .env — set THREATFADE_API_URL to your ThreatFade instancegit clone https://github.com/LloydCoder/tinlance-threatfade.git
cd tinlance-threatfade
pip install fastapi "uvicorn[standard]" python-multipart pydantic scapy numpy scipy
uvicorn fusionops_api:app --host 0.0.0.0 --port 8000 --reloadcd fusionOps
uvicorn api.fusionops_api:app --host 0.0.0.0 --port 8080 --reloadhttp://localhost:8080/dashboard
Or Swagger UI at http://localhost:8080/docs
| Method | Endpoint | Description |
|---|---|---|
GET |
/health |
Liveness check — confirms ThreatFade connection |
GET |
/events |
Rolling event log polled by dashboard every 5s |
POST |
/detect/json |
Analyse entropy time-series as JSON |
POST |
/detect/scenario |
Run a named simulation scenario |
POST |
/detect/pcap |
Upload PCAP/PCAPNG for real traffic analysis |
POST |
/triage |
Run triage agent on an existing detection result |
GET |
/dashboard |
Live SOC dashboard UI |
GET |
/ |
Product landing page |
📖 Full API Reference → docs/API.md
fusionOps/
├── api/
│ └── fusionops_api.py # FastAPI app — 6 endpoints + dashboard + landing
├── agents/
│ ├── triage_agent.py # Classifies: priority, category, action
│ └── remediation_agent.py # Generates ordered plan + audit trail
├── config/
│ └── settings.py # Pydantic settings — loads from .env
├── dashboard/
│ └── index.html # Live SOC terminal — polls /events every 5s
├── landing/
│ └── index.html # Product landing page
├── docs/
│ └── API.md # Full API reference with examples
├── .github/
│ ├── workflows/ci.yml # CI — install, lint, test
│ └── ISSUE_TEMPLATE/ # Bug report + feature request templates
├── .env.example # Environment variable template
├── requirements.txt
├── CONTRIBUTING.md # How to contribute
├── SECURITY.md # Security policy + vulnerability reporting
├── CHANGELOG.md # Version history
└── README.md
| Feature | Free (this repo) | Enterprise |
|---|---|---|
| C2 entropy + z-score detection | ✅ | ✅ |
| Triage agent (priority + category + action) | ✅ | ✅ |
| Remediation plan generation | ✅ | ✅ |
| PCAP upload + real traffic analysis | ✅ | ✅ |
| REST API + Swagger docs | ✅ | ✅ |
| LOG actions auto-executed | ✅ | ✅ |
| NETWORK / PROCESS auto-execution | ❌ | ✅ |
| SIEM / SOAR / Slack integrations | ❌ | ✅ |
| LLM + AI agent channel monitoring | ❌ | ✅ |
| Persistent event storage (DynamoDB) | ❌ | ✅ |
| Compliance dashboard (SOC 2 / GDPR) | ❌ | ✅ |
| Customer-managed encryption keys | ❌ | ✅ |
Enterprise inquiries: hello@tinlance.com
- ThreatFade C2 detection engine validated on real malware
- FastAPI REST API — 6 endpoints
- PCAP upload + real-time entropy analysis
- Triage agent — priority, category, recommended action
- Remediation agent — ordered plan + audit trail
- Live SOC dashboard — 5s polling, event detail, audit log
- AWS production deployment — permanent URL
- Product landing page
- Full API documentation
- API key authentication (Enterprise)
- SIEM integrations — Splunk, Elastic, CEF
- Webhook notifications
- LLM + agentic AI channel monitoring
- Persistent event storage (DynamoDB)
- GitHub Actions CI/CD pipeline
Tinlance has merged PRs into the top security OSS tools:
| Repo | Stars | Contribution |
|---|---|---|
| Nuclei | 24K★ | Nigerian fintech credential detector |
| TruffleHog | 15K★ | 5 Nigerian fintech detectors |
| Semgrep | 11K★ | Day-one merge — rule in global prod scans |
| Gitleaks | 10K★ | Secret detection rules |
| Slither | 5K★ | Nigerian fintech credential detection |
Tinlance Limited (RC: 7962164) — Nigeria 🇳🇬
Building AI and cybersecurity products for the frontier.
Apache 2.0 — see LICENSE
The multi-agent auto-execution, SIEM integrations, LLM channel monitoring, persistent storage, and enterprise compliance features are proprietary and not included in this open-core release.