SOAR platforms for automating security workflows, orchestrating incident response, and improving SOC efficiency.
Browse 159 security orchestration automation and response tools
AI-powered security operations platform for autonomous alert triage & response
AI-driven SOC platform for automated alert triage, investigation & response
AI-powered security platform that correlates signals & automates actions
AI-powered SOC analyst that autonomously investigates and triages alerts
AI-powered security operations platform for automated threat analysis and response
SOAR platform for orchestrating security products and automating SOC workflows
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
A mature SIEM environment is critical for successful SOAR implementation.
A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.
A serverless SOAR framework for AWS GuardDuty that automatically executes configurable response actions based on security findings and threat severity.
An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.
Repository of default playbooks and custom functions for Splunk SOAR instances with content migration to Splunk's GitHub.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
WALKOFF is an automation framework that provides drag-and-drop workflow creation capabilities for integrating security tools and automating repetitive tasks.
Automate security incident handling and facilitate real-time activities of incident handlers.
Repository for IBM SOAR Apps source-code and development resources.
A panic button application that triggers coordinated emergency responses across multiple connected security applications and systems.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A repository of public applications for the Shuffle security orchestration platform that enables automated security workflows and integrations.
A content repository for Cortex XSOAR that provides playbooks, automation scripts, and templates for security operations automation and orchestration.
Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.
Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.
Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.
A CLI program that simplifies cybersecurity solution management through automated deployment, configuration, monitoring, and lifecycle operations across multiple hosts.
Common questions about Security Orchestration Automation and Response tools, selection guides, pricing, and comparisons.
High-value SOAR automations include: phishing triage (analyze suspicious emails, check URLs, extract IOCs, enrich with threat intel, quarantine if malicious), automated enrichment (look up IPs, domains, and file hashes across threat intel sources for every alert), endpoint isolation (automatically isolate compromised machines), and alert deduplication (group related alerts into single incidents).
Yes. Out of 24 security orchestration automation and response tools listed on CybersecTools, 18 are free and 6 are commercial. Free tools work well for small teams, testing, and budget-conscious organizations. Commercial tools typically add enterprise features, dedicated support, and SLA guarantees.