Open-SOAR is a project providing open-source, containerized workflows for Security Orchestration, Automation and Response (SOAR).
All donations in cryptocurrency are highly appreciated:
Bitcoin: 1QApAnZk7AhipRhVu367XeGDgxRriZ7zjv
Litecoin: MQ8MYBvBhJ4z8mAu1N9gjx33sXb9NuFyZg
Ethereum: 0x554489B7aE3B4Be4B4E82c473933725aeE29C417
$ git clone https://github.com/Sorsnce/Open-SOAR.git
$ cd Open-SOAR
$ docker build -t <docker image> .
$ docker run -ti <docker image>
where <docker image> is the tag you choose for the built image (git clone creates the Open-SOAR directory, without the .git suffix).
To help debug any issues you can drop into the shell of the container with the following command:
$ docker run -ti <docker image> /bin/bash
You can also run Open-SOAR on a Synology NAS.
- Download the .py and .json for the custom function you want in Phantom. These can be found in the modules directory.
- Run the following command, passing the function's .json file and its .py file(s):
$ tar -cvzf phantom.tgz <.json file> <.py files>
For example:
$ tar -cvzf phantom.tgz cisco_asa_app.json cisco_asa_app.py
- Now upload the phantom.tgz file into Splunk>Phantom and you should have the imported function.
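As an added example (not code from the Open-SOAR repository), the following shell function wraps the packaging step above: it builds phantom.tgz from the modules directory and refuses to produce an archive when the .json/.py pair is missing or the .json descriptor does not parse, so a broken bundle is caught before it is uploaded to Phantom. It assumes a custom function's files share one basename, as cisco_asa_app.json and cisco_asa_app.py do above; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not part of Open-SOAR: package a Phantom custom function
# (NAME.json + NAME.py from the modules directory) into a .tgz for upload.
# Assumption: a function's descriptor and code share the same basename.

set -e

# package_phantom_module NAME [MODULES_DIR] [OUTPUT]
# Prints the archive path on success; returns 1 if a file is missing or
# the JSON descriptor is malformed.
package_phantom_module() {
    name="$1"
    modules_dir="${2:-modules}"
    output="${3:-phantom.tgz}"
    json_file="$modules_dir/$name.json"
    py_file="$modules_dir/$name.py"

    # Both halves of the function must exist before we archive anything.
    for f in "$json_file" "$py_file"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2
            return 1
        fi
    done

    # Reject a malformed descriptor here rather than at Phantom's importer
    # (check is skipped when python3 is not installed).
    if command -v python3 >/dev/null 2>&1; then
        python3 -m json.tool "$json_file" >/dev/null 2>&1 || {
            echo "invalid JSON: $json_file" >&2
            return 1
        }
    fi

    # -C stores bare filenames, matching
    # "tar -cvzf phantom.tgz cisco_asa_app.json cisco_asa_app.py".
    tar -czf "$output" -C "$modules_dir" "$name.json" "$name.py"
    echo "$output"
}

# list_archive OUTPUT: print the archive members, one per line, so the
# bundle can be inspected before upload.
list_archive() {
    tar -tzf "$1"
}

# Usage (from the repository root, after cloning):
#   package_phantom_module cisco_asa_app
#   list_archive phantom.tgz
```

Run it from the repository root so the default modules directory resolves; pass a different modules path and output name as the second and third arguments when packaging from elsewhere.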