A Serverless Security Orchestration Automation and Response (SOAR) Framework for AWS GuardDuty. The GDPatrol Lambda function receives the GuardDuty findings through the CloudWatch Event Rule and executes the appropriate actions to mitigate the threats according to their types and severity. Supported actions include blacklist_ip, whitelist_ip, block_domain, quarantine_instance, snapshot_instance, disable_account, disable_ec2_access, enable_ec2_access, disable_sg_access, enable_sg_access, and asg_detach_instance. The actions to be executed are configured in the config.json file.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An open-source, drag-and-drop security workflow builder with integrated case management for automating security workflows and tackling alert fatigue.
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
Repository of templates for Ayehu's workflows with the ability to design, execute, and automate IT and business processes.
Sample security playbooks for security automation, orchestration and response (SOAR) using Microsoft Sentinel trigger
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
jimi is an orchestration automation tool for multi-team collaboration and automation in IT/Security operations, Development, and CI/CD pipelines.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.