
Security Orchestration, Automation, and Response platform for AWS with security findings processing and incident management.

OpenSecOps-Org/SOAR

SOAR Central Processors

This project contains the nested Step Functions state machines for OpenSecOps SOAR. Together, they constitute the central processors of security data:

  1. SOARSecHubFindingsProcessor: The main state machine, triggered by findings in AWS Security Finding Format (ASFF) imported into Security Hub.
  2. SOARAttemptAutoRemediation: Invoked by SOARSecHubFindingsProcessor to handle auto-remediation of failed controls.
  3. SOARIncidents: Invoked by SOARSecHubFindingsProcessor to handle incidents.
  4. SOARWeeklyAIReport: Invoked by cron every Monday morning to create the weekly security report.
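The split described above (failed controls go to auto-remediation, other actionable findings become incidents) is easiest to see on a concrete ASFF event. The following is an added illustration, not code from the SOAR repository: it routes each finding in a constructed "Security Hub Findings - Imported" EventBridge event to the name of the nested state machine that would handle it. The routing rules and the sample findings are assumptions; the field names (RecordState, Workflow.Status, Compliance.Status, ProductName) are standard ASFF.

```python
"""Route ASFF findings the way the SOAR central processors are described as doing.

Added illustration, not code from OpenSecOps-Org/SOAR. Routing rules and the
sample event are assumptions; field names are standard ASFF.
"""
from typing import Dict, List, Tuple

AUTO_REMEDIATION = "SOARAttemptAutoRemediation"
INCIDENTS = "SOARIncidents"
IGNORE = "ignore"


def route_finding(finding: Dict) -> str:
    """Decide which nested state machine should handle one ASFF finding."""
    # Archived findings and findings already resolved or suppressed carry no new work.
    if finding.get("RecordState") != "ACTIVE":
        return IGNORE
    if finding.get("Workflow", {}).get("Status") in ("RESOLVED", "SUPPRESSED"):
        return IGNORE

    status = finding.get("Compliance", {}).get("Status")
    # Security Hub control findings carry Compliance.Status; a FAILED control is the
    # case the auto-remediation machine exists for. PASSED/WARNING/NOT_AVAILABLE need no fix.
    if finding.get("ProductName") == "Security Hub" and status is not None:
        return AUTO_REMEDIATION if status == "FAILED" else IGNORE

    # Anything else that is active (GuardDuty, Inspector, Access Analyzer, ...) is an incident.
    return INCIDENTS


def route_event(event: Dict) -> List[Tuple[str, str]]:
    """Fan out over the findings array of a 'Security Hub Findings - Imported' event."""
    if event.get("detail-type") != "Security Hub Findings - Imported":
        raise ValueError(f"unexpected detail-type: {event.get('detail-type')!r}")
    return [(f["Id"], route_finding(f)) for f in event["detail"]["findings"]]


# Constructed sample event; account ID, detector ID and finding IDs are fictitious.
SAMPLE_EVENT = {
    "detail-type": "Security Hub Findings - Imported",
    "detail": {
        "findings": [
            {   # failed Security Hub control -> auto-remediation
                "Id": "arn:aws:securityhub:eu-west-1:111111111111:security-control/S3.8/finding/aaaa",
                "ProductName": "Security Hub",
                "RecordState": "ACTIVE",
                "Workflow": {"Status": "NEW"},
                "Compliance": {"Status": "FAILED", "SecurityControlId": "S3.8"},
                "Severity": {"Label": "HIGH"},
            },
            {   # passing control -> nothing to do
                "Id": "arn:aws:securityhub:eu-west-1:111111111111:security-control/IAM.4/finding/bbbb",
                "ProductName": "Security Hub",
                "RecordState": "ACTIVE",
                "Workflow": {"Status": "NEW"},
                "Compliance": {"Status": "PASSED", "SecurityControlId": "IAM.4"},
                "Severity": {"Label": "INFORMATIONAL"},
            },
            {   # GuardDuty finding -> incident
                "Id": "arn:aws:guardduty:eu-west-1:111111111111:detector/dddd/finding/eeee",
                "ProductName": "GuardDuty",
                "RecordState": "ACTIVE",
                "Workflow": {"Status": "NEW"},
                "Severity": {"Label": "MEDIUM"},
            },
        ]
    },
}

if __name__ == "__main__":
    for finding_id, target in route_event(SAMPLE_EVENT):
        print(f"{target:28s} {finding_id}")
```

The order of the checks matters: RecordState and Workflow.Status are tested before anything else so that re-imports of findings that were already archived or suppressed never re-trigger remediation or open a duplicate incident.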

Deployment

First make sure that your SSO setup is configured with a default profile giving you AWSAdministratorAccess to your AWS Organizations administrative account. This is necessary because the AWS cross-account role used during deployment can only be assumed from that account.

aws sso login

Then type:

./deploy
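Because the cross-account role can only be assumed from the administrative account, it is worth verifying the identity behind the default profile before running ./deploy. The following pre-flight check is an added example, not part of the SOAR repository: it confirms that the default profile is an SSO role session for the AWSAdministratorAccess permission set and that the signed-in account is the organization's management account. The decision logic is pure Python and runs on constructed STS and Organizations responses; the live lookups assume boto3 is installed and run only under __main__.

```python
"""Pre-flight check before ./deploy (added example, not SOAR project code).

Checks that the default profile is an SSO role session holding the
AWSAdministratorAccess permission set in the AWS Organizations management account.
"""
import re
from typing import Dict, List

# An Identity Center (SSO) role session ARN has the shape
#   arn:aws:sts::<account>:assumed-role/AWSReservedSSO_<PermissionSet>_<hex>/<user>
SSO_ROLE_RE = re.compile(
    r"^arn:aws:sts::(?P<account>\d{12}):assumed-role/"
    r"AWSReservedSSO_(?P<permission_set>.+)_[0-9a-f]+/"
)


def preflight_problems(caller: Dict, org: Dict,
                       required_permission_set: str = "AWSAdministratorAccess") -> List[str]:
    """Return the list of problems found; an empty list means it is safe to run ./deploy.

    caller: the dict returned by sts.get_caller_identity()
    org:    the "Organization" dict returned by organizations.describe_organization()
    """
    problems: List[str] = []
    m = SSO_ROLE_RE.match(caller.get("Arn", ""))
    if not m:
        # IAM users, long-lived keys or non-SSO roles: not the setup the deploy script expects.
        problems.append(f"default profile is not an SSO role session: {caller.get('Arn')!r}")
        return problems
    if m.group("permission_set") != required_permission_set:
        problems.append(f"permission set is {m.group('permission_set')}, "
                        f"need {required_permission_set}")
    management = org.get("MasterAccountId")  # API field name for the management account
    if caller.get("Account") != management:
        problems.append(f"signed in to account {caller.get('Account')}, "
                        f"management account is {management}")
    return problems


# Constructed sample responses (fictitious account IDs and user).
GOOD_CALLER = {
    "UserId": "AROAEXAMPLEID:alice@example.com",
    "Account": "111111111111",
    "Arn": "arn:aws:sts::111111111111:assumed-role/"
           "AWSReservedSSO_AWSAdministratorAccess_0123456789abcdef/alice@example.com",
}
WRONG_ACCOUNT_CALLER = {
    **GOOD_CALLER,
    "Account": "222222222222",
    "Arn": GOOD_CALLER["Arn"].replace("111111111111", "222222222222"),
}
READONLY_CALLER = {
    **GOOD_CALLER,
    "Arn": GOOD_CALLER["Arn"].replace("AWSAdministratorAccess", "ReadOnlyAccess"),
}
ORG = {"Id": "o-exampleorgid", "MasterAccountId": "111111111111"}

if __name__ == "__main__":
    import sys
    import boto3  # assumption: AWS SDK installed; uses the default profile like ./deploy does

    live_caller = boto3.client("sts").get_caller_identity()
    live_org = boto3.client("organizations").describe_organization()["Organization"]
    found = preflight_problems(live_caller, live_org)
    for problem in found:
        print("PROBLEM:", problem)
    print("OK to run ./deploy" if not found else "fix the above before running ./deploy")
    sys.exit(1 if found else 0)
```

Run it after `aws sso login` and before `./deploy`; a non-zero exit means the session would not be able to assume the deployment role, so the deploy would fail part-way rather than at the start.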
