The longer I spend staring at Splunk, the more I wish something, anything, would happen. Sure, there is data: logs, numerous events that make my eyes bleed. But it’s not actionable; my eyes, brain, and emotions have preconditioned me to skip, avoid, and eventually discard information without setting off any alarms. The tedium of my daily routine creates gaps in an otherwise “secure” environment. If only there were a way to know which events to review.

Enter Security Orchestration Automated Response (S.O.A.R.) platforms, the hotter cousin of Security Information and Event Management (SIEM) software: the 2019-and-beyond buzzword for Security Operations Centers everywhere, replacing EDR, next-gen A/V, threat intelligence, etc., as the new must-have technology stack.

SOAR platforms endeavor to remove analysis fatigue by offering Incident Response as a service. Services include playbook strategies, API-generated alerting and response, and some form of Content Management System (CMS). The space is occupied by large vendors, including IBM, Palo Alto, and FireEye, for a batteries-included or professional-services setup.

For the rest of us, those without the budget to support the cost of these solutions, there is the FOSS community. While not “set it and forget it”, a somewhat niche solution set exists that supports extensive customization if you’re willing to apply a little elbow grease.

The Hive Project is a handful of well-developed, open-source solution sets that host an active community of users and contributors. Future posts will cover the more technical aspects of this ecosystem, but for now, let us cover the why.

  1. It’s free: yep, zero cost (outside your sanity at times) to set up and deploy the solution.

Future articles in this series will include:

  • Installation, configuration, and deployment

