swiftbird07 / iris-soar


🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily extensible and in active development. Join us in building a tool geared towards enhancing security efficiency!

License: MIT License

Python 99.98% Shell 0.02%
dfir dfir-automation dfir-iris iris-web-framework python soar

iris-soar's Introduction

IRIS-SOAR

Welcome to IRIS-SOAR!

IRIS-SOAR is your go-to modular SOAR (Security Orchestration, Automation, and Response) solution, meticulously crafted with Python. Engineered to work seamlessly with DFIR-IRIS, it leverages playbook automation to facilitate effortless integrations with a variety of services.

Find the installation instructions here.

To understand how IRIS-SOAR operates at a high level, visit our "How it works" wiki page.

Excited to contribute? Brilliant! All the information you need is on the Contributing wiki page.

Features

Although IRIS-SOAR is in its early development stages, it promises a range of innovative features in its final release, including:

  • Receiving and forwarding alerts from various integration points, converting them seamlessly into IRIS alerts.
  • Enhancing IRIS-Cases with rich context gathered from different sources through integrations, managed efficiently using playbooks on a case-by-case basis.
  • Automating the escalation or merging of one or more IRIS-Alerts into an IRIS-Case, directed by alert-specific playbooks.
  • Facilitating automated actions on IRIS-Cases using case-specific playbooks, whether that means closing a false positive or escalating a genuine incident to a higher severity level.
  • Easy extensibility allowing for the straightforward addition of new integrations or playbooks with minimal effort.

Available Integrations

Here are the integrations available at the moment:

  • Elastic SIEM: Facilitates the transition of alerts from Elastic to IRIS while also enhancing cases with Elastic data.
  • IBM QRadar: Imports offenses from QRadar into IRIS as alerts and enriches cases with QRadar data.
  • VirusTotal: Provides indicator threat intelligence context for individual cases or alerts.
  • Matrix: Keeps users updated about alerts, new cases, and fresh findings.

Feel free to explore and make the most of IRIS-SOAR's evolving capabilities!

iris-soar's Issues

Graylog Integration

I tried to integrate IRIS-SOAR with wazuh-indexer 4.4, but I got the following errors:

root@IRIS:/IRIS-SOAR# python3 iris-soar.py --restart
2024-03-12 21:49:59,942 - isoar - INFO - Restarting IRIS-SOAR...
2024-03-12 21:49:59,942 - isoar - INFO - Stopping IRIS-SOAR...
2024-03-12 21:49:59,964 - isoar - INFO - Daemon not running
2024-03-12 21:49:59,987 - isoar - INFO - Worker script not running
2024-03-12 21:49:59,988 - isoar - WARNING - Nothing to stop!
2024-03-12 21:49:59,998 - isoar - INFO - Daemon disabled. Starting the main loop (isoar_worker.py) directly...
2024-03-12 21:50:00,053 - isoar_collector - INFO - Started IRIS-SOAR collector script
2024-03-12 21:50:00,053 - isoar_collector - INFO - Checking for new alerts...
2024-03-12 21:50:00,151 - isoar_collector - INFO - Calling module elastic_siem
/usr/local/lib/python3.9/dist-packages/elasticsearch/_sync/client/__init__.py:399: SecurityWarning: Connecting to 'https://192.168.59.128:9200' using TLS with verify_certs=False is insecure
_transport = transport_class(
2024-03-12 21:50:00,251 - isoar_collector - WARNING - The module elastic_siem had an unhandled error when trying to provide new alerts. Error: Traceback (most recent call last):
File "/root/IRIS-SOAR/isoar_alert_collector.py", line 130, in main
new_alerts = module_import.irsoar_provide_new_alerts(integration_config)
File "/root/IRIS-SOAR/integrations/elastic_siem.py", line 1256, in irsoar_provide_new_alerts
result = elastic_client.search(
File "/usr/local/lib/python3.9/dist-packages/elasticsearch/_sync/client/utils.py", line 446, in wrapped
return api(*args, **kwargs)
File "/usr/local/lib/python3.9/dist-packages/elasticsearch/_sync/client/__init__.py", line 3836, in search
return self.perform_request( # type: ignore[return-value]
File "/usr/local/lib/python3.9/dist-packages/elasticsearch/_sync/client/_base.py", line 320, in perform_request
raise HTTP_EXCEPTIONS.get(meta.status, ApiError)(
elasticsearch.ApiError: ApiError(406, 'Content-Type header [application/vnd.elasticsearch+json; compatible-with=8] is not supported', 'Content-Type header [application/vnd.elasticsearch+json; compatible-with=8] is not supported')
. Skipping Integration.
2024-03-12 21:50:00,251 - isoar_collector - WARNING - The module ibm_qradar is disabled. Skipping.
2024-03-12 21:50:00,251 - isoar_collector - WARNING - The module matrix_notify is disabled. Skipping.
2024-03-12 21:50:00,252 - isoar_collector - INFO - Finished collector script.
root@IRIS:~/IRIS-SOAR#

Is the error because of compatibility with wazuh-indexer 4? Kindly, your support, please.
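Two things in the log above are worth checking before opening a ticket: the 406 "Content-Type header [application/vnd.elasticsearch+json; compatible-with=8] is not supported" is the response OpenSearch-based indexers give to the elasticsearch-py 8.x client's compatibility header, and the SecurityWarning shows the collector running with verify_certs=False. The helper below is an added example, not code from the issue author or from IRIS-SOAR; it classifies the backend from the cluster root document (the sample JSON is constructed, and the hypothetical ca_bundle path is an assumption) and builds connection options that keep TLS verification on.

```python
import json
from urllib.parse import urlparse

# Constructed sample of what GET / returns on a Wazuh indexer (OpenSearch-based).
# An Elasticsearch node has no "distribution" key in its "version" block.
SAMPLE_ROOT_INFO = json.dumps({
    "name": "node-1",
    "cluster_name": "wazuh-cluster",
    "version": {"distribution": "opensearch", "number": "2.6.0",
                "build_flavor": "default"},
    "tagline": "The OpenSearch Project: https://opensearch.org/",
})


def classify_backend(root_info_json: str) -> str:
    """Return 'opensearch' or 'elasticsearch' from the cluster root document.

    elasticsearch-py 8.x sends
    'Content-Type: application/vnd.elasticsearch+json; compatible-with=8';
    OpenSearch-based backends reject that media type with HTTP 406, which is
    the error in the issue log. Probing GET / first lets a collector choose the
    matching client (or stop with a clear message) instead of failing mid-search.
    """
    version = json.loads(root_info_json).get("version", {})
    if str(version.get("distribution", "")).lower() == "opensearch":
        return "opensearch"
    return "elasticsearch"


def client_options(url: str, ca_bundle: str) -> dict:
    """Build client keyword arguments that keep certificate verification on.

    verify_certs=False (the SecurityWarning in the log) lets any host that
    answers on 9200 impersonate the SIEM to the collector and read the API
    credentials it sends. Pinning the cluster CA bundle closes that gap;
    both elasticsearch-py and opensearch-py accept verify_certs and ca_certs.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise ValueError("SIEM connections must use https: %r" % url)
    return {"hosts": [url], "verify_certs": True, "ca_certs": ca_bundle}
```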
