CAPES (Cyber Analytics Platform and Examination System) is a service hub for hands-on security operations, aimed at segmented, self-hosted, and—when necessary—offline incident response, intelligence analysis, and threat hunting scenarios. It is not a single security product; rather, it combines multiple open-source components such as Rocketchat, Etherpad, Gitea, TheHive, CyberChef, Kibana, and Portainer into a deployable collaboration and analysis environment.
In terms of protection model, CAPES is focused on post-detection response, analysis, and collaboration. It does not provide firewall, EDR blocking, or automated remediation capabilities. TheHive handles incident response, CyberChef is used for data analysis, Beats collects security audit data, network traffic, performance, and health metrics, and Kibana provides visualization. On the collaboration side, it offers chat, documents, versioned records, diagramming, and VoIP, helping incident response teams keep information synchronized in isolated environments.
CAPES is deployed as a self-hosted Docker environment. The official instructions describe using git clone and deploy_capes.sh to automatically install Docker, pull images, and start containers. Development and testing are mainly based on CentOS 7.9. Portainer is used for container management, while Elasticsearch/Kibana/Beats form the data collection and visualization pipeline. Its integration capabilities mainly come from the bundled open-source components, making it suitable for teams that want to quickly set up a DFIR workbench. However, users are also expected to have operational experience with Linux, Docker, and the individual components.
The documentation clearly states that CAPES is a FOSS project and says it will remain open source. Deployment issues may receive best-effort support via GitHub Issues. Training and professional services require contacting Perched; pricing, payment methods, SLAs, and enterprise support tiers are not disclosed. No compliance certification information is provided either.
Its strengths are that it is free, self-hosted, able to run in isolated or offline networks, and covers a basic toolchain for incident response, collaboration, analysis, and visualization. Its limitations include limited capacity testing: the official documentation only mentions that about 20 users on a single virtual machine ran for one week without issues. Some services also have cumbersome first-time configuration steps and are not easy to restart after interruption. CAPES is better suited to security teams, labs, red/blue team exercises, or incident response groups with some engineering capability. It is not ideal for enterprises expecting an out-of-the-box product, strong SLAs, and compliance endorsements.
The main text does not provide information about access from mainland China, mirror sources, payments, or local services. Since the project depends on GitHub, Docker images, and multiple open-source components, real-world deployment may be affected by network conditions. Possible alternatives include self-hosted security operations tools such as TheHive, Security Onion, MISP, Elastic Stack, or DFIR-IRIS.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, capesstack.io.
capesstack.io is listed as a security provider of unknown category. TG4G tracks its product information, with an overall rating of 6.0/10 and a China-accessibility score of Workable.