SOARCA
SOARCA is an open-source Security Orchestration, Automation and Response (SOAR) platform that automates threat and incident response workflows through standardized security playbooks. The tool ingests, validates, and executes CACAOv2 (Collaborative Automated Course of Action Operations) security playbooks via a JSON API interface. It supports multiple communication protocols including HTTP(S), SSH, and OpenC2 for native integrations. SOARCA provides an MQTT interface that enables custom integrations and extensibility for organizations with specific automation requirements. The platform is built around standardized formats and technologies, promoting interoperability across security tools and systems. The tool is designed for research and innovation purposes, allowing Security Operations Center (SOC), Computer Emergency Response Team (CERT), and Cyber Threat Intelligence (CTI) professionals to experiment with playbook-driven security automation approaches.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
An open-source, drag-and-drop security workflow builder with integrated case management for automating security workflows and tackling alert fatigue.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
A repository of sample security playbooks with ARM templates for Microsoft Sentinel that enable automated security orchestration and response capabilities.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
Incident response and case management solution for efficient incident response and management.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.