Hello All,
Can anyone please suggest an open source SOAR that works well with the ELK Stack?
Thank You.
Would this help?
Hi, thanks for sharing.
This talk is about case management in ELK Security.
Does ELK have a SOAR platform for automation & response? Please share the documentation if you have it.
On the same page I linked, if you go down, you will see more information. Not only the talk.
Automate investigation and response
Automate repetitive steps to unleash analysts to tackle problems meriting human creativity and problem solving. Deploy autonomous and analyst-invoked actions to end attacks faster than they start. Begin with built-in actions and progress further with custom responses. Evolve into advanced workflows enabled by integrations with third-party platforms.
If you click on that link, it gives another page:
I'm not an expert at all in that domain, so I don't know if that answers your question.
Elastic does not have a SOAR; they have integrations with some SOAR tools, but these integrations require a paid license.
If you are using the basic license, you will need to write something to get the data from your Elasticsearch and send it to your SOAR, or use a third-party tool that can already do that, like ElastAlert2, which can send data using an HTTPS webhook.
One open-source SOAR that you can use is Shuffle (https://shuffler.io).
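A sketch of the "write something to pull alerts from Elasticsearch and push them to your SOAR" option, as an added example (not code from Elastic, ElastAlert2 or Shuffle): it builds the open-alert query, flattens each hit into a webhook payload and forwards unseen alerts while advancing a checkpoint. The index pattern, dotted alert field names, webhook URL and token are assumptions or placeholders, and the sample hits are constructed.

```python
import json, urllib.request

# Assumed index pattern and dotted alert field names of Elastic Security; adjust to your stack.
ALERT_INDEX = ".alerts-security.alerts-*"
SOAR_WEBHOOK = "https://soar.example.invalid/webhook/PLACEHOLDER"  # placeholder
SOAR_TOKEN = "PLACEHOLDER_TOKEN"  # placeholder; read from a secret store in practice

# Constructed sample hits shaped like an Elasticsearch _search response.
SAMPLE_HITS = [
    {"_id": "a1", "_source": {"@timestamp": "2024-01-01T10:00:00.000Z",
        "kibana.alert.rule.name": "Suspicious PowerShell", "kibana.alert.severity": "high",
        "kibana.alert.workflow_status": "open", "host": {"name": "ws-01"}}},
    {"_id": "a2", "_source": {"@timestamp": "2024-01-01T10:00:00.000Z",
        "kibana.alert.rule.name": "Brute Force", "kibana.alert.severity": "medium",
        "kibana.alert.workflow_status": "open", "host": {"name": "srv-02"}}},
]

def build_query(since_iso, size=100):
    """Open alerts at/after the checkpoint, oldest first. gte (not gt) so alerts
    sharing the checkpoint timestamp are not skipped; forward() dedups by ID."""
    return {"size": size, "sort": [{"@timestamp": "asc"}],
            "query": {"bool": {"filter": [
                {"term": {"kibana.alert.workflow_status": "open"}},
                {"range": {"@timestamp": {"gte": since_iso}}}]}}}

def to_soar_event(hit):
    """Flatten one alert hit into the fields a SOAR playbook typically keys on."""
    src = hit["_source"]
    return {"alert_id": hit["_id"], "source": "elastic-security",
            "rule": src.get("kibana.alert.rule.name", "unknown"),
            "severity": src.get("kibana.alert.severity", "low"),
            "host": src.get("host", {}).get("name"),
            "timestamp": src["@timestamp"]}

def forward(hits, seen, post):
    """POST each unseen alert via `post`; returns (new checkpoint, count sent)."""
    checkpoint, sent = None, 0
    for hit in hits:
        if hit["_id"] in seen:          # already delivered on an earlier poll
            continue
        post(SOAR_WEBHOOK, to_soar_event(hit))  # exception aborts; next poll retries
        seen.add(hit["_id"])
        checkpoint, sent = hit["_source"]["@timestamp"], sent + 1
    return checkpoint, sent

def post_json(url, payload):
    """Real sender: JSON body with a bearer token over HTTPS; returns HTTP status."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {SOAR_TOKEN}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status
```

Run build_query() against ALERT_INDEX/_search with the same urllib pattern as post_json, then call forward(hits, seen, post_json) on a schedule and persist both the checkpoint and the seen set so a restart neither drops nor duplicates alerts.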