Awesome-SOAR List
A curated Cyber "Security Orchestration, Automation and Response (SOAR)" resources list.
"SOAR refers to technologies that enable organizations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format." - Gartner
Contents
- Global-Standards
- Incident-Categories
- Process-Resources
- Playbooks-Resources
- Workflow-Resources
- Automation-Resources
- User-Communities
- Articles
- Presentations
- Training
- SOAR-Solutions
Global-Standards
- NIST Cybersecurity Framework
- NIST Computer Security Incident Handling Guide
- Collaborative Open Playbook Standard (COPS) - by Demisto
- RE&CT Framework - a MITRE ATT&CK inspired framework specifically for actionable Incident Response techniques.
- Integrated Adaptive Cyber Defense (IACD) Automate Framework
- OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security - a standards effort to define a common language for course of action playbooks
Incident-Categories
- ServiceNow Incident Categories and Subcategories
- Incident Classification/Incident Taxonomy according to eCSIRT.net
Process-Resources
- Information Security Incident Management Process Document Template
- Incident Response Flowchart
- Critical Infrastructure Cyber Incident Management Process
- SANS Incident Handler's Handbook
Playbooks-Resources
- Playbooks in Visio and PDF
- Top 5 Playbooks by Ayehu
- Playbooks by Societe Generale
- Playbooks by guardsight
- Playbooks (cloud) by AWS
Automation-Resources
- Playbooks Automation components by Phantom
- Playbooks Automation components part 2 by Phantom
- Playbooks Automation components by DTonomy
- Playbooks Automation components by ThreatConnect
- Playbooks Automation components part 2 by ThreatConnect
- Playbooks Automation components by Rapid7
- Playbooks Automation components by Microsoft Azure Sentinel
- Playbooks Automation components by Ayehu
- Playbooks Automation components part 2 by Ayehu
- Playbooks Automation components part 3 by Ayehu
- Playbooks Automation components by ThreatConnect
- Playbooks Automation components by Shuffle
- Playbooks Automation components part 2 by Shuffle
- Playbooks Automation components by IBM Resilient Community
- Playbooks Automation components by Rapid7
- Playbooks Automation components by TheHive Cortex
- Playbooks Automation components part 2 by TheHive Cortex
- Playbooks Automation components by WALKOFF
- Playbooks Automation components by LogRhythm
User-Communities
Market-Research
- State of SOAR Report 2019
- Gartner Market Guide for SOAR Solutions 2019
- DFLABS Enterprise SOAR Buyers Guide 2019
- Top 10 SOAR Solutions for 2019
- Top Reviewed SOAR's on G2
- SOAR Vendor comparison
- The 8 Best SOAR Security Companies for 2020
- SANS 2020 Automation and Integration Survey Results
- PeerTalk™ Panel: SOAR Trends in 2020 and Beyond
Articles
- An OODA-driven SOC Strategy using: SIEM, SOAR and EDR
- Why a mature SIEM environment is critical for SOAR implementation
- 7 Steps to Building an Incident Response Playbook
- 8 Ways Playbooks Enhance Incident Response
- Top Security Orchestration Use Cases
- Security orchestration and automation checklist
Presentations
- Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
- Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018 - SLIDES
- Leveraging TheHive & Cortex for automated IR
- Cloud Security Automation: From Infrastructure to App | SANS Cloud Security Summit 2019
- SANS Webcast: Automating Information Security with Python
Training
Contribute
Contributions welcome! Read the contribution guidelines first.
SOAR-Solutions
Commercial
- Cortex XSOAR - Previously Demisto, now with Palo Alto Networks
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- Not Available
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- Not Available - Feature requests go through support
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- DTonomy SOAR
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- Not Available
- [CONFERENCE SLIDES LINKS]
- Not Available
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- Not Available
- [USER FORUM LINKS]
- Not Available
- [APP DEVELOPMENT LINKS]
- Not Available
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- IBM Resilient
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- Not Available
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available - Image can be downloaded here, but requires license
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- Splunk Phantom
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- Siemplify
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- Not Available
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- Swimlane - Syncurity has been acquired by Swimlane
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- Rapid7 InsightConnect
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- ThreatConnect
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- ATAR - Now part of Micro Focus (ArcSight)
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- Not Available
- [SUPPORT LINKS]
- Not Available
- [USER FORUM LINKS]
- Not Available
- [APP DEVELOPMENT LINKS]
- Not Available
- [REQUEST FOR ENHANCEMENTS LINKS]
- Not Available
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- Ayehu
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- FortiSOAR - Previously called CyberSponse, now part of Fortinet
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- Not Available
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- D3 SOAR
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- Not Available
- [USER FORUM LINKS]
- Not Available
- [APP DEVELOPMENT LINKS]
- Not Available
- [REQUEST FOR ENHANCEMENTS LINKS]
- Not Available
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- DFLabs IncMan SOAR
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- Not Available
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- Not Available
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not available
- Resolve SOAR
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not available
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- Not available
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- Not available
- [APP DEVELOPMENT LINKS]
- Not available
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- ServiceNow SecOps
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available
- [FREE LEARNING LINKS]
- Not Available
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- SIRP SOAR
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available
- [FREE LEARNING LINKS]
- Not Available
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- Not Available
- [SUPPORT LINKS]
- Not Available
- [USER FORUM LINKS]
- Not Available
- [APP DEVELOPMENT LINKS]
- Not Available
- [REQUEST FOR ENHANCEMENTS LINKS]
- Not Available
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- Tines
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- Not Available
- [CONFERENCE SLIDES LINKS]
- Not Available
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- Not Available
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- Not Available
- [USER FORUM LINKS]
- Not Available
- [APP DEVELOPMENT LINKS]
- Not Available
- [REQUEST FOR ENHANCEMENTS LINKS]
- Not Available
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
SIEM-with-SOAR-Included
- Microsoft Azure Sentinel - Logic Apps used as SOAR Functionality
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Securonix SOAR
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available
- [FREE LEARNING LINKS]
- Not Available
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
- LogRhythm SOAR
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- RSA NetWitness Orchestrator - Based off Demisto or ThreatConnect
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- Not Available
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- Not Available - See ThreatConnect and Demisto for development
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- [ONLINE CHAT GROUPS]
- Not Available
Open-Source
- TheHive
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- Not Available
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- Not Available
- [ONLINE CHAT GROUPS]
- Shuffle
- [PRODUCT BLOG LINKS]
- [WEBINAR LINKS]
- Not Available
- [CONFERENCE SLIDES LINKS]
- Not Available
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- Not Available
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- [YOUTUBE LINKS]
- Not Available
- [TWITTER LINKS]
- [LINKEDIN LINKS]
- Not Available
- [ONLINE CHAT GROUPS]
- WALKOFF
- [PRODUCT BLOG LINKS]
- Not Available
- [WEBINAR LINKS]
- Not Available
- [CONFERENCE SLIDES LINKS]
- [FREE/TRIAL DOWNLOAD LINKS]
- [FREE LEARNING LINKS]
- [PAID TRAINING LINKS]
- Not Available
- [DOCUMENTATION LINKS]
- [SUPPORT LINKS]
- [USER FORUM LINKS]
- Not Available
- [APP DEVELOPMENT LINKS]
- [REQUEST FOR ENHANCEMENTS LINKS]
- [REDDIT COMMUNITY LINKS]
- Not Available
- [YOUTUBE LINKS]
- Not Available
- [TWITTER LINKS]
- Not Available
- [LINKEDIN LINKS]
- Not Available
- [ONLINE CHAT GROUPS]
- Not Available
- [PRODUCT BLOG LINKS]
- catalyst