IRIS-SOAR
Modular SOAR implementation in Python for security orchestration, automation, and response.
A Serverless Security Orchestration, Automation and Response (SOAR) framework for AWS GuardDuty. The GDPatrol Lambda function receives GuardDuty findings through a CloudWatch Events rule and executes the appropriate actions to mitigate the threat according to the finding's type and severity. Supported actions include blacklist_ip, whitelist_ip, block_domain, quarantine_instance, snapshot_instance, disable_account, disable_ec2_access, enable_ec2_access, disable_sg_access, enable_sg_access, and asg_detach_instance. Which actions run for which findings is configured in the config.json file.
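The pattern described above, a Lambda that receives a GuardDuty finding event and selects response actions from a JSON config by finding type and severity, is shown below as an added example. It is not GDPatrol's code: the config schema (rules with glob-style type patterns, a minimum severity, and an ordered action list), the REQUIRES_RESOURCE guard, and the sample event are assumptions of this example, not GDPatrol's config.json format. Only the GuardDuty event envelope fields (source, detail-type, detail.type, detail.severity, detail.resource.resourceType) follow the real event shape. The example stops at planning the actions; wiring each action name to its boto3 calls is left to the deployment.

```python
"""Route a GuardDuty finding to response actions chosen from a JSON config.

Added example, not GDPatrol's own code. The config schema and the
REQUIRES_RESOURCE table are this example's assumptions.
"""
import fnmatch
import json
from dataclasses import dataclass, field

# Hypothetical config: each rule matches GuardDuty finding types (glob syntax)
# at or above a minimum severity and lists the actions to run, in order.
CONFIG_JSON = """
{
  "default_min_severity": 4.0,
  "rules": [
    {"types": ["UnauthorizedAccess:EC2/SSHBruteForce",
               "UnauthorizedAccess:EC2/RDPBruteForce"],
     "min_severity": 2.0,
     "actions": ["blacklist_ip", "snapshot_instance"]},
    {"types": ["Trojan:EC2/*", "Backdoor:EC2/*"],
     "min_severity": 7.0,
     "actions": ["snapshot_instance", "quarantine_instance", "asg_detach_instance"]},
    {"types": ["UnauthorizedAccess:IAMUser/*", "Policy:IAMUser/*"],
     "actions": ["disable_account"]}
  ]
}
"""

# Guard: an action is only planned when the finding's resource type fits it,
# so an IAM finding never triggers an instance snapshot and vice versa.
REQUIRES_RESOURCE = {
    "quarantine_instance": "Instance",
    "snapshot_instance": "Instance",
    "asg_detach_instance": "Instance",
    "disable_account": "AccessKey",
}


@dataclass
class Plan:
    finding_id: str
    finding_type: str
    severity: float
    actions: list = field(default_factory=list)   # ordered, de-duplicated
    skipped: list = field(default_factory=list)   # why something was not planned


def load_config(text: str = CONFIG_JSON) -> dict:
    return json.loads(text)


def plan_response(event: dict, config: dict) -> Plan:
    """Return the actions the config selects for one GuardDuty finding event."""
    # Reject anything that did not come from GuardDuty via the event rule.
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    detail = event["detail"]
    ftype, severity = detail["type"], float(detail["severity"])
    resource_type = detail.get("resource", {}).get("resourceType")
    plan = Plan(detail["id"], ftype, severity)
    for rule in config["rules"]:
        if not any(fnmatch.fnmatchcase(ftype, pat) for pat in rule["types"]):
            continue
        threshold = rule.get("min_severity", config["default_min_severity"])
        if severity < threshold:
            plan.skipped.append(f"severity {severity} below {threshold} for {rule['types']}")
            continue
        for action in rule["actions"]:
            needed = REQUIRES_RESOURCE.get(action)
            if needed and resource_type != needed:
                plan.skipped.append(f"{action} needs resource {needed}, finding has {resource_type}")
            elif action not in plan.actions:
                plan.actions.append(action)
    return plan


# Constructed sample event in the CloudWatch Events / EventBridge envelope shape.
SAMPLE_EVENT = {
    "version": "0",
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "schemaVersion": "2.0",
        "id": "0c2fd4ab0123456789abcdef01234567",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 2.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}


def lambda_handler(event, context=None):
    """Lambda-shaped entry point; returns the plan so the caller can execute or log it."""
    plan = plan_response(event, load_config())
    return {"finding": plan.finding_id, "actions": plan.actions, "skipped": plan.skipped}


if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

Keeping the plan separate from execution lets the same handler run in a dry-run mode that only logs what it would do, which is how a practitioner would validate a new config.json before granting the Lambda's role the EC2 and IAM permissions the destructive actions need.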
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
Automated Digital Forensics and Incident Response (DFIR) software for rapid response and intrusion investigations.
Fast suspicious file finder for threat hunting and live forensics.
A collaborative and open-source incident response platform for sharing observables among analysts.
Companion repository for deploying osquery in a production environment with tailored query packs.