Awesome-SOAR List / Global-Standards |
| NIST Cybersecurity Framework | | | |
| NIST Computer Security Incident Handling Guide | | | |
| Collaborative Open Playbook Standard (COPS) | 150 | over 1 year ago | by Demisto |
| RE&CT Framework | 613 | over 2 years ago | a MITRE ATT&CK inspired framework specifically for actionable Incident Response techniques |
| Integrated Adaptive Cyber Defense (IACD) Automate Framework | | | |
| OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security | | | a standards effort to define a common language for course of action playbooks |
Awesome-SOAR List / Incident-Categories |
| ServiceNow Incident Categories and Subcategories | | | |
| Incident Classification/Incident Taxonomy according to eCSIRT.net | | | |
Awesome-SOAR List / Process-Resources |
| Information Security Incident Management Process Document Template | | | |
| Incident Response Flowchart | | | |
| Critical Infrastructure Cyber Incident Management Process | | | |
| SANS Incident Handler's Handbook | | | |
Awesome-SOAR List / Playbooks-Resources |
| Playbooks in Visio and PDF | | | |
| Top 5 Playbooks by Ayehu | | | |
| Playbooks by Societe Generale | 978 | 9 months ago | |
| Playbooks by guardsight | 360 | 6 months ago | |
| Playbooks (cloud) by AWS | 926 | 6 months ago | |
Awesome-SOAR List / Automation-Resources |
| Playbooks Automation components by Phantom | 472 | 8 days ago | |
| Playbooks Automation components part 2 by Phantom | 82 | about 3 years ago | |
| Playbooks Automation components by DTonomy | | | |
| Playbooks Automation components by ThreatConnect | 69 | 4 months ago | |
| Playbooks Automation components part 2 by ThreatConnect | 69 | 4 months ago | |
| Playbooks Automation components by Rapid7 | | | |
| Playbooks Automation components by Microsoft Azure Sentinel | 4,607 | 6 days ago | |
| Playbooks Automation components by Ayehu | 7 | almost 2 years ago | |
| Playbooks Automation components part 2 by Ayehu | 4 | about 3 years ago | |
| Playbooks Automation components part 3 by Ayehu | 5 | almost 5 years ago | |
| Playbooks Automation components by ThreatConnect | 69 | 4 months ago | |
| Playbooks Automation components by Shuffle | 20 | about 2 years ago | |
| Playbooks Automation components part 2 by Shuffle | 100 | 6 days ago | |
| Playbooks Automation components by IBM Resilient Community | 91 | 6 days ago | |
| Playbooks Automation components by Rapid7 | 67 | 7 days ago | |
| Playbooks Automation components by TheHive Cortex | 434 | 13 days ago | |
| Playbooks Automation components part 2 by TheHive Cortex | 434 | 13 days ago | |
| Playbooks Automation components by WALKOFF | 1,204 | almost 2 years ago | |
| Playbooks Automation components by LogRhythm | | | |
Awesome-SOAR List / User-Communities |
| SOAR Telegram Group | | | |
Awesome-SOAR List / Market-Research |
| State of SOAR Report 2019 | | | |
| Gartner Market Guide for SOAR Solutions 2019 | | | |
| DFLABS Enterprise SOAR Buyers Guide 2019 | | | |
| Top 10 SOAR Solutions for 2019 | | | |
| Top Reviewed SOAR's on G2 | | | |
| SOAR Vendor comparison | | | |
| The 8 Best SOAR Security Companies for 2020 | | | |
| SANS 2020 Automation and Integration Survey Results | | | |
| PeerTalk™ Panel: SOAR Trends in 2020 and Beyond | | | |
Awesome-SOAR List / Articles |
| An OODA-driven SOC Strategy using: SIEM, SOAR and EDR | | | |
| Why a mature SIEM environment is critical for SOAR implementation | | | |
| 7 Steps to Building an Incident Response Playbook | | | |
| 8 Ways Playbooks Enhance Incident Response | | | |
| Top Security Orchestration Use Cases | | | |
| Security orchestration and automation checklist | | | |
Awesome-SOAR List / Presentations |
| Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018 | | | |
| Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018 - SLIDES | | | |
| Leveraging TheHive & Cortex for automated IR | | | |
| Cloud Security Automation: From Infrastructure to App | SANS Cloud Security Summit 2019 | | | |
| SANS Webcast: Automating Information Security with Python | | | |
Awesome-SOAR List / Training |
| SANS SEC573: Automating Information Security with Python | | | |
SOAR-Solutions / Commercial |
| Cortex XSOAR | | | Previously Demisto, now with Palo Alto Networks |
SOAR-Solutions / Commercial / Cortex XSOAR |
| Demisto Blog | | | |
| Palo Alto Blog | | | |
| Cortex XSOAR Webinar Videos on Youtube | | | |
| Demisto Webinar Videos on Youtube | | | |
| Palo Alto Networks Ignite Conference Videos Youtube | | | |
| Cortex XSOAR 30 Day Free Community Edition | | | |
| Several Free Foundational eLearning Courses | | | |
| Customer Case Studies | | | |
| Demisto, Cortex XSOAR Youtube video playlist | | | |
| Palo Alto Learning Center | | | |
| Cortex XSOAR Documentation | | | |
| Cortex XSOAR User Community | | | |
| Content Developer Portal | | | |
| XSOAR Github | 1,135 | 4 days ago | |
| XSOAR Youtube Channel | | | |
| PAN Twitter Page | | | |
| LinkedIN | | | |
| Online Slack Community | | | |
SOAR-Solutions / Commercial |
| DTonomy SOAR | | | |
SOAR-Solutions / Commercial / DTonomy SOAR |
| DTonomy Blog | | | |
| DTonomy Community | | | |
| DTonomy Quick Tutorial | | | |
| DTonomy Doc | | | |
| Request Enhancement Link | | | |
| DTonomy Youtube | | | |
| DTonomy Twitter | | | |
| DTonomy LinkedIN | | | |
| DTonomy Slack | | | |
SOAR-Solutions / Commercial |
| IBM Resilient | | | |
SOAR-Solutions / Commercial / IBM Resilient |
| IBM Security Resilient Community Blog | | | |
| IBM Resilient On-Demand Webinars | | | |
| IBM Resilient Webinar videos on Youtube | | | |
| Image can be downloaded here, but requires license | | | Not Available - |
| IBM Learning Academy - Couple of Free Courses | | | |
| IBM Resilient Youtube Videos | | | |
| IBM Learning Academy | | | |
| IBM Resilient Documentation | | | |
| IBM Security Resilient Support | | | |
| IBM Security Resilient Community Forum | | | |
| IBM Resilient Community Apps | 91 | 6 days ago | |
| IBM Security Resilient Ideas (RFE's) | | | |
| IBM Security Youtube Videos | | | |
| Older IBM Resilient Youtube Videos | | | |
| IBM Security | | | |
| IBM Resilient LinkedIN | | | |
SOAR-Solutions / Commercial |
| Splunk Phantom | | | |
SOAR-Solutions / Commercial / Splunk Phantom |
| Phantom Blog | | | |
| on demand webinars | | | |
| Phantom Youtube Webinars | | | |
| Splunk .Conf slides | | | |
| Free Community edition available for registered users | | | |
| Phantom Community Youtube Video | | | |
| Paid Instructor led training | | | |
| Phantom Documentation | | | |
| Splunk Support page | | | |
| Phantom User Community | | | |
| Phantom Github Repository | 82 | about 3 years ago | |
| Post Feature request in title on user forum | | | |
| Phantom Team Questions Thread | | | |
| Splunk Official Youtube | | | |
| Phantom on Twitter | | | |
| Phantom on LinkedIN | | | |
SOAR-Solutions / Commercial |
| Siemplify | | | |
SOAR-Solutions / Commercial / Siemplify |
| Siemplify Blog | | | |
| Siemplify Webinars | | | |
| Siemplify Community Edition | | | |
| Siemplify Trial Edition | | | |
| Siemplify Video Tour | | | |
| Siemplify Resources | | | |
| Siemplify Youtube | | | |
| User Forum | | | |
| Siemplify Support | | | |
| User Forum | | | |
| User Forum | | | |
| User Forum | | | |
| Siemplify Youtube | | | |
| Siemplify Twitter | | | |
| Siemplify LinkedIN | | | |
SOAR-Solutions / Commercial |
| Swimlane | | | Syncurity is now acquired by Swimlane |
SOAR-Solutions / Commercial / Swimlane |
| Swimlane Blog | | | |
| Swimlane Webinars | | | |
| Swimlane Conference | | | |
| SOAR Learning Hubg | | | |
| Swimlane Paid Training | | | |
| Swimlane Documentation | | | |
| Swimlane Support Portal | | | |
| SecOps Hub User forum | | | |
| App Developer Resources | | | |
| Swimlane Support Portal for feature requests | | | |
| Swimlane Youtube | | | |
| Swimlane Twitter | | | |
| Swimlane LinkedIN | | | |
SOAR-Solutions / Commercial |
| Rapid7 InsightConnect | | | |
SOAR-Solutions / Commercial / Rapid7 InsightConnect |
| Rapid7 Blog | | | |
| Rapid7 Webinars | | | |
| Rapid7 Conference | | | |
| Free Trial | | | |
| Free Learning Resources | | | |
| Online videos Youtube | | | |
| Training and Certification | | | |
| Rapid7 InsightConnect Documentation | | | |
| Support Login | | | |
| Rapid7 Login | | | |
| Rapid7 InsightConnect Developer instructions | | | |
| Rapid7 InsightConnect feature requests on github | 67 | 7 days ago | |
| Unofficial Rapid7 Reddit | | | |
| Rapid7 youtube | | | |
| Rapid7 Twitter | | | |
| Rapid7 LinkedIN | | | |
SOAR-Solutions / Commercial |
| ThreatConnect | | | |
SOAR-Solutions / Commercial / ThreatConnect |
| ThreatConnect Blog | | | |
| ThreatConnect Webinars | | | |
| ThreatConnect Events | | | |
| ThreaConnect Learning Portal | | | |
| ThreatConnect Resources | | | |
| ThreaConnect Learning Portal | | | |
| ThreatConnect Documentation | | | |
| ThreatConnect Support | | | |
| ThreatConnect Community | | | |
| ThreatConnect Apps | | | |
| ThreatConnect Developer Github | 8 | 16 days ago | |
| ThreatConnect Support | | | |
| ThreatConnect Reddit | | | |
| ThreatConnect Youtube | | | |
| ThreatConnect Twitter | | | |
| ThreatConnect LinkedIN | | | |
| ThreatConnect Slack Channel | | | |
SOAR-Solutions / Commercial |
| ATAR | | | Now part of Micro Focus (ArcSight) |
SOAR-Solutions / Commercial / ATAR |
| Atar Blog | | | |
| Atar Resources | | | |
| Atar Youtube videos | | | |
| Atar Videos | | | |
| Atar Youtube | | | |
| Atar Twitter | | | |
| Atar LinkedIN | | | |
SOAR-Solutions / Commercial |
| Ayehu | | | |
SOAR-Solutions / Commercial / Ayehu |
| Ayehu Blog | | | |
| Ayehu Webinars | | | |
| Ayehu Conference resources | | | |
| Ayehu 30 day free trial | | | |
| Ayehu Resource Center | | | |
| Ayehu Free Training Courses | | | |
| Ayehu paid Training Courses | | | |
| Ayehu Documentation | | | |
| Ayehu Support Portal | | | |
| Ayehu User Community | | | |
| Ayehu App development | 7 | almost 2 years ago | |
| Ayehu Support Portal | | | |
| Ayehu Youtube | | | |
| Ayehu Twitter | | | |
| Ayehu LinkedIN Group | | | |
SOAR-Solutions / Commercial |
| FortiSOAR | | | Previously called CyberSponse, Now part of Fortinet |
SOAR-Solutions / Commercial / FortiSOAR |
| FortiSOAR Blog | | | |
| Fortinet Webinar events | | | |
| Fortinet Conference events | | | |
| Free 45 day Community Edition | | | |
| FortiSOAR Resources | | | |
| FortiSOAR Youtube Videos | | | |
| FortiSOAR training | | | |
| FortiSOAR Documentation | | | |
| FortiSOAR SUpport | | | |
| FortiSOAR Community | | | |
| FortiSOAR SUpport | | | |
| Fortinet Reddit | | | |
| FortiSOAR Youtube | | | |
| FortiSOAR Twitter | | | |
| FortiSOAR LinkedIN | | | |
SOAR-Solutions / Commercial |
| D3 SOAR | | | |
SOAR-Solutions / Commercial / D3 SOAR |
| D3 SOAR Blog | | | |
| D3 Security | | | |
| D3 SOAR Conference resources | | | |
| D3 SOAR resources | | | |
| D3 Security Tech Docs | | | |
| D3 Security Youtube | | | |
| D3 Security Twitter | | | |
| D3 Security LinkedIN | | | |
SOAR-Solutions / Commercial |
| DFLabs IncMan SOAR | | | |
SOAR-Solutions / Commercial / DFLabs IncMan SOAR |
| DFLabs Blog | | | |
| DFLabs Webinars | | | |
| DFLabs Conference | | | |
| DFLabs IncMan SOAR Community Edition | | | |
| DFLabs Community portal | | | |
| DFLabs Support portal | | | |
| DFLabs Community portal | | | |
| DFLabs Community portal | | | |
| DFLabs Youtube | | | |
| DFLabs Twitter | | | |
| DFLabs LinkedIN | | | |
SOAR-Solutions / Commercial |
| Resolve SOAR | | | |
SOAR-Solutions / Commercial / Resolve SOAR |
| Resolve SOAR Blog | | | |
| Resolve SOAR Webinars | | | |
| Resolve SOAR Webinars | | | |
| Resolve SOAR Vimeo Videos | | | |
| Resolve Training | | | |
| Resolve SOAR Support portal | | | |
| Resolve SOAR Support portal | | | |
| Resolve SOAR Vimeo | | | |
| Resolve SOAR Twitter | | | |
| Resolve SOAR LinkedIN | | | |
SOAR-Solutions / Commercial |
| ServiceNow SecOps | | | |
SOAR-Solutions / Commercial / ServiceNow SecOps |
| ServiceNow Blog | | | |
| ServiceNow Secops Webinars | | | |
| ServiceNow Knowledge | | | |
| ServiceNow SecOps Paid Training | | | |
| ServiceNow SecOps Documentation | | | |
| ServiceNow Support | | | |
| ServiceNow Secops User Forum | | | |
| ServiceNow Secops integration | | | |
| ServiceNow Support | | | |
| ServiceNow Reddit Community | | | |
| ServiceNow Youtube | | | |
| ServiceNow Twitter | | | |
| ServiceNow LinkedIN | | | |
SOAR-Solutions / Commercial |
| SIRP SOAR | | | |
SOAR-Solutions / Commercial / SIRP SOAR |
| SIRP Blog | | | |
| SIRP Webinars | | | |
| SIRP Webinars | | | |
| SIRP Youtube | | | |
| SIRP Twitter | | | |
| SIRP LinkedIN | | | |
SOAR-Solutions / Commercial |
| Tines | | | |
SOAR-Solutions / Commercial / Tines |
| Tines Blog | | | |
| Tines - Free Community Edition | | | |
| Tines Docs | | | |
| Tines Reddit Account | | | |
| Tines Youtube | | | |
| @tines_io | | | |
| Tines LinkedIn | | | |
SOAR-Solutions / SIEM-with-SOAR-Included |
| Microsoft Azure Sentinel | | | Logic Apps used as SOAR Functionality |
SOAR-Solutions / SIEM-with-SOAR-Included / Microsoft Azure Sentinel |
| Product Blog | | | |
| Security Webinars List | | | |
| Ignite 2019 Recap | | | |
| Free Trial on Azure Cloud | | | |
| Azure Sentinel Ninja | | | |
| Azure Documentation | | | |
| Azure Support | | | |
| Azure Sentinel User forum | | | |
| Github Repository | 4,607 | 6 days ago | |
| Azure Sentinel Product Feedback | | | |
| Azure Sentinel Reddit | | | |
| Azure Sentinel Youtube | | | |
| Azure Sentinel Twitter | | | |
| Azure Sentinel LinkedIN | | | |
| Azure Sentinel Telegram group | | | |
| Azure Sentinel Telegram Feed group | | | |
SOAR-Solutions / SIEM-with-SOAR-Included |
| Securonix SOAR | | | |
SOAR-Solutions / SIEM-with-SOAR-Included / Securonix SOAR |
| Securonix Blog | | | |
| Securonix Webinars | | | |
| Securonix Conference Videos on Youtube | | | |
| Securonix Paid Training | | | |
| Securonix Documentation | | | |
| Securonix Support | | | |
| Securonix User Forum | | | |
| Securonix SOAR App Development | | | |
| Securonix Apps on Github | 0 | over 6 years ago | |
| Securonix Feature Requests | | | |
| Securonix on Reddit | | | |
| Securonix on Youtube | | | |
| Securonix on Twitter | | | |
| Securonix LinkedIN | | | |
SOAR-Solutions / SIEM-with-SOAR-Included |
| LogRhythm SOAR | | | |
SOAR-Solutions / SIEM-with-SOAR-Included / LogRhythm SOAR |
| LogRhythm Blog | | | |
| LogRhythm Webinars | | | |
| LogRhythm Conference Videos on Youtube | | | |
| Available Only For Network Monitors | | | |
| Free Training Videos | | | |
| LogRhythm Paid Training | | | |
| LogRhythm Documentation | | | |
| LogRhythm Support | | | |
| LogRhythm User Forum | | | |
| LogRhythm Apps on Github | | | |
| LogRhythm Feature Requests | | | |
| LogRhythm on Reddit | | | |
| LogRhythm on Youtube | | | |
| LogRhythm on Twitter | | | |
| LogRhythm LinkedIN | | | |
| LogRhythm Telegram group | | | |
SOAR-Solutions / SIEM-with-SOAR-Included |
| RSA NetWitness Orchestrator | | | Based off Demisto or ThreatConnect |
SOAR-Solutions / SIEM-with-SOAR-Included / RSA NetWitness Orchestrator |
| RSA NetWitness Orchestrator Blog | | | |
| RSA NetWitness Orchestrator Webinars | | | |
| RSA Conference presentations | | | |
| RSA Netwitness Orchestrator Training | | | |
| RSA Netwitness Orchestrator Training | | | |
| RSA NetWitness Orchestrator Documentation | | | |
| RSA Support | | | |
| RSA Support | | | |
| RSA Support | | | |
| RSA Youtube | | | |
| RSA Twitter | | | |
| RSA Linkedin | | | |
SOAR-Solutions / Open-Source |
| TheHive | | | |
SOAR-Solutions / Open-Source / TheHive |
| TheHive Product Blog | | | |
| TheHive Youtube Videos | | | |
| TheHive Conference Youtube Videos | | | |
| TheHive is Open Source Software and completely free to download | 3,446 | almost 2 years ago | |
| Free Training Material | 392 | about 1 year ago | |
| TheHive Documentation | 392 | about 1 year ago | |
| Log issue at Github | 3,446 | almost 2 years ago | |
| Google Groups for User | | | |
| How to write analyzers | 170 | about 1 year ago | |
| Create feature requests are made on github issues | 3,446 | almost 2 years ago | |
| TheHive Twitter Account | | | |
| TheHive Gitter | | | |
SOAR-Solutions / Open-Source |
| Shuffle | | | |
SOAR-Solutions / Open-Source / Shuffle |
| Creator Medium Blog | | | |
| Open Source on-prem edition | 1,741 | 4 days ago | |
| Free On-Cloud version | | | |
| Introduction blog | | | |
| Shuffle Documentation | | | |
| Contact information | | | |
| Create App from Scratch | | | |
| Create issue on github | 1,741 | 4 days ago | |
| Shuffle Introduction | | | |
| Shuffle Creator Twitter | | | |
| Online Gitter Chat | | | |
SOAR-Solutions / Open-Source |
| WALKOFF | | | |
SOAR-Solutions / Open-Source / WALKOFF |
| WALKOFF CONFERENCE SLIDES | 1,204 | almost 2 years ago | |
| WALKOFF Open Source Github Repository | 1,204 | almost 2 years ago | |
| WALKOFF Toturials | | | |
| WALKOFF DOCUMENTATION | | | |
| WALKOFF DOCUMENTATION on Github | | | |
| E-Mail WALKFOFF Support | | | |
| APP DEVELOPMENT INSTRUCTIONS | | | |
| Create issue on Github | 1,204 | almost 2 years ago | |
SOAR-Solutions / Open-Source |
| catalyst | 350 | 13 days ago | |
Awesome-SOAR 
sbilly/awesome-security
0x4d31/detection-and-response-pipeline
counteractive/incident-response-plan-template
emalderson/thephish