Awesome-SOAR List

A curated Cyber "Security Orchestration, Automation and Response (SOAR)" resources list.

"SOAR refers to technologies that enable organizations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format." - Gartner

Contents

• SOAR-Solutions
• Global-Standards
• Incident-Categories
• Process-Resources
• Playbooks-Resources
• Workflow-Resources
• Automation-Resources
• User-Communities
• Articles
• Presentations
• Training

SOAR-Solutions

Commercial

• Cortex XSOAR - Previously Demisto, now with Palo Alto Networks
• IBM Resilient
• Splunk Phantom
• Siemplify
• Swimlane
• Rapid7 InsightConnect
• ThreatConnect
• ATAR - Now part of Micro Focus (ArcSight)
• Ayehu
• Cyberbit
• CyberSponse - Now part of Fortinet
• D3 SOAR
• DFLabs IncMan SOAR
• Resolve SOAR
• ServiceNow SecOps
• Syncurity IR Flow
• SIRP SOAR

Open-Source

• The Hive
• Shuffle

Global-Standards

• NIST Cybersecurity Framework
• NIST Computer Security Incident Handling Guide
• Collaborative Open Playbook Standard (COPS) - By Demisto

Incident-Categories

• ServiceNow Incident Categories and Subcategories
• Incident Classification/Incident Taxonomy according to eCSIRT.net

Process-Resources

• Information Security Incident Management Process Document Template
• Incident Response Flowchart
• Critical Infrastructure Cyber Incident Management Process
• SANS Incident Handler's Handbook

Playbooks-Resources

• Playbooks in Visio and PDF
• Top 5 Playbooks by Ayehu
• Playbooks by Societe Generale
• Playbooks by guardsight

Workflow-Resources

• Playbooks by Phantom
• Playbooks Components by Rapid7

Automation-Resources

• IBM Resilient Community Integrations on Github
• Splunk Phantom Integrations on Github
• Rapid7 InsightConnect Integrations on Github

User-Communities

• SOAR Telegram Group
• List item

Articles

• Gartner Market Guide for SOAR Solutions 2019
• An OODA-driven SOC Strategy using: SIEM, SOAR and EDR
• Why a mature SIEM environment is critical for SOAR implementation
• 7 Steps to Building an Incident Response Playbook
• 8 Ways Playbooks Enhance Incident Response
• Top Security Orchestration Use Cases

Presentations

• Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
• Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018 - SLIDES
• Leveraging TheHive & Cortex for automated IR
• Cloud Security Automation: From Infrastructure to App | SANS Cloud Security Summit 2019
• SANS Webcast: Automating Information Security with Python

Training

• SANS SEC573: Automating Information Security with Python

Contribute

Contributions welcome! Read the contribution guidelines first.