├── .DS_Store ├── .gitignore ├── .vscode └── settings.json ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── DEV_iris_alert.json ├── DEV_kibana_alert.json ├── LICENSE ├── README.md ├── SECURITY.md ├── __init__.py ├── alert_playbooks ├── PB_Alerts_to_Matrix.py ├── PB_Create_Case_for_Multiple_Host_Alerts.py └── __init__.py ├── case_playbooks ├── PB_010_Generic_Elastic_Alerts.py ├── PB_011_Generic_QRadar_Offenses.py ├── PB_020_Generic_Suricata_Alerts.py ├── PB_021_Advanced_Elastic_Context.py ├── PB_022_Generic_NTOPNG_Alerts.py ├── PB_110_Generic_VirusTotal.py ├── PB_900_Classify_and_Notify.py ├── __init__.py ├── bb_elastic_context_fetcher.py ├── bb_elastic_process_context.py └── bb_qradar_context_fetcher.py ├── configs ├── config.yml └── template.yml ├── docs ├── Makefile ├── make.bat └── source │ ├── architecture.rst │ ├── changelog.rst │ ├── conf.py │ ├── contributing.rst │ ├── examples.rst │ ├── features.rst │ ├── index.rst │ ├── installation.rst │ ├── license.rst │ ├── to-do.rst │ └── usage.rst ├── integrations ├── __init__.py ├── elastic_siem.py ├── example_template.py ├── ibm_qradar.py ├── matrix_notify.py └── virus_total.py ├── iris-soar.py ├── isoar_alert_collector.py ├── isoar_case_worker.py ├── isoar_daemon.py ├── lib ├── __init__.py ├── cache.json ├── class_helper.py ├── config_helper.py ├── generic_helper.py ├── iris_helper.py └── logging_helper.py ├── pyproject.toml ├── pytest_man.sh ├── requirements.txt ├── setup.py └── tests ├── __init__.py ├── alert_playbooks └── test_PB_Create_Case_for_Multiple_Host_Alerts.py ├── case_playbooks ├── test_010_Generic_Elastic_Alerts.py ├── test_011_Generic_QRadar_Offenses.py ├── test_020_Generic_Suricata_Alerts.py ├── test_021_Advanced_Elastic_Context.py ├── test_022_Generic_NTOPNG_Alerts.py ├── test_110_Generic_VirusTotal.py ├── test_900_Classify_and_Notify.py └── test_bb_elastic_process_context.py ├── integrations ├── test_elastic_siem.py ├── test_ibm_qradar.py ├── test_matrix_notify.py └── test_virus_total.py ├── 
pytest.ini ├── test_isoar_core.py └── test_isoar_lib.py /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/.DS_Store -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/.gitignore -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/.vscode/settings.json -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /DEV_iris_alert.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/DEV_iris_alert.json -------------------------------------------------------------------------------- /DEV_kibana_alert.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/DEV_kibana_alert.json -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/SECURITY.md -------------------------------------------------------------------------------- /__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /alert_playbooks/PB_Alerts_to_Matrix.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/alert_playbooks/PB_Alerts_to_Matrix.py -------------------------------------------------------------------------------- /alert_playbooks/PB_Create_Case_for_Multiple_Host_Alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/alert_playbooks/PB_Create_Case_for_Multiple_Host_Alerts.py -------------------------------------------------------------------------------- /alert_playbooks/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /case_playbooks/PB_010_Generic_Elastic_Alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/PB_010_Generic_Elastic_Alerts.py -------------------------------------------------------------------------------- 
/case_playbooks/PB_011_Generic_QRadar_Offenses.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/PB_011_Generic_QRadar_Offenses.py -------------------------------------------------------------------------------- /case_playbooks/PB_020_Generic_Suricata_Alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/PB_020_Generic_Suricata_Alerts.py -------------------------------------------------------------------------------- /case_playbooks/PB_021_Advanced_Elastic_Context.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/PB_021_Advanced_Elastic_Context.py -------------------------------------------------------------------------------- /case_playbooks/PB_022_Generic_NTOPNG_Alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/PB_022_Generic_NTOPNG_Alerts.py -------------------------------------------------------------------------------- /case_playbooks/PB_110_Generic_VirusTotal.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/PB_110_Generic_VirusTotal.py -------------------------------------------------------------------------------- /case_playbooks/PB_900_Classify_and_Notify.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/PB_900_Classify_and_Notify.py -------------------------------------------------------------------------------- /case_playbooks/__init__.py: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /case_playbooks/bb_elastic_context_fetcher.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/bb_elastic_context_fetcher.py -------------------------------------------------------------------------------- /case_playbooks/bb_elastic_process_context.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/bb_elastic_process_context.py -------------------------------------------------------------------------------- /case_playbooks/bb_qradar_context_fetcher.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/case_playbooks/bb_qradar_context_fetcher.py -------------------------------------------------------------------------------- /configs/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/configs/config.yml -------------------------------------------------------------------------------- /configs/template.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/configs/template.yml -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/docs/Makefile -------------------------------------------------------------------------------- /docs/make.bat: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/docs/make.bat -------------------------------------------------------------------------------- /docs/source/architecture.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/docs/source/architecture.rst -------------------------------------------------------------------------------- /docs/source/changelog.rst: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/source/conf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/docs/source/conf.py -------------------------------------------------------------------------------- /docs/source/contributing.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/docs/source/contributing.rst -------------------------------------------------------------------------------- /docs/source/examples.rst: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/source/features.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/docs/source/features.rst -------------------------------------------------------------------------------- /docs/source/index.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/docs/source/index.rst -------------------------------------------------------------------------------- /docs/source/installation.rst: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/source/license.rst: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/source/to-do.rst: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/source/usage.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/docs/source/usage.rst -------------------------------------------------------------------------------- /integrations/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /integrations/elastic_siem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/integrations/elastic_siem.py -------------------------------------------------------------------------------- /integrations/example_template.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/integrations/example_template.py -------------------------------------------------------------------------------- /integrations/ibm_qradar.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/integrations/ibm_qradar.py -------------------------------------------------------------------------------- /integrations/matrix_notify.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/integrations/matrix_notify.py -------------------------------------------------------------------------------- /integrations/virus_total.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/integrations/virus_total.py -------------------------------------------------------------------------------- /iris-soar.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/iris-soar.py -------------------------------------------------------------------------------- /isoar_alert_collector.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/isoar_alert_collector.py -------------------------------------------------------------------------------- /isoar_case_worker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/isoar_case_worker.py -------------------------------------------------------------------------------- /isoar_daemon.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/isoar_daemon.py -------------------------------------------------------------------------------- /lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/cache.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/lib/cache.json -------------------------------------------------------------------------------- /lib/class_helper.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/lib/class_helper.py -------------------------------------------------------------------------------- /lib/config_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/lib/config_helper.py -------------------------------------------------------------------------------- /lib/generic_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/lib/generic_helper.py -------------------------------------------------------------------------------- /lib/iris_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/lib/iris_helper.py -------------------------------------------------------------------------------- /lib/logging_helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/lib/logging_helper.py -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/pyproject.toml -------------------------------------------------------------------------------- /pytest_man.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/pytest_man.sh -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/requirements.txt 
-------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/setup.py -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/alert_playbooks/test_PB_Create_Case_for_Multiple_Host_Alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/alert_playbooks/test_PB_Create_Case_for_Multiple_Host_Alerts.py -------------------------------------------------------------------------------- /tests/case_playbooks/test_010_Generic_Elastic_Alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/case_playbooks/test_010_Generic_Elastic_Alerts.py -------------------------------------------------------------------------------- /tests/case_playbooks/test_011_Generic_QRadar_Offenses.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/case_playbooks/test_011_Generic_QRadar_Offenses.py -------------------------------------------------------------------------------- /tests/case_playbooks/test_020_Generic_Suricata_Alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/case_playbooks/test_020_Generic_Suricata_Alerts.py -------------------------------------------------------------------------------- /tests/case_playbooks/test_021_Advanced_Elastic_Context.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/case_playbooks/test_021_Advanced_Elastic_Context.py -------------------------------------------------------------------------------- /tests/case_playbooks/test_022_Generic_NTOPNG_Alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/case_playbooks/test_022_Generic_NTOPNG_Alerts.py -------------------------------------------------------------------------------- /tests/case_playbooks/test_110_Generic_VirusTotal.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/case_playbooks/test_110_Generic_VirusTotal.py -------------------------------------------------------------------------------- /tests/case_playbooks/test_900_Classify_and_Notify.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/case_playbooks/test_900_Classify_and_Notify.py -------------------------------------------------------------------------------- /tests/case_playbooks/test_bb_elastic_process_context.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/case_playbooks/test_bb_elastic_process_context.py -------------------------------------------------------------------------------- /tests/integrations/test_elastic_siem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/integrations/test_elastic_siem.py -------------------------------------------------------------------------------- /tests/integrations/test_ibm_qradar.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/integrations/test_ibm_qradar.py -------------------------------------------------------------------------------- /tests/integrations/test_matrix_notify.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/integrations/test_matrix_notify.py -------------------------------------------------------------------------------- /tests/integrations/test_virus_total.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/integrations/test_virus_total.py -------------------------------------------------------------------------------- /tests/pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest]
# NOTE(review): the value below is an absolute path into one developer's home directory,
# so the suite only resolves the project modules on that machine (CI and other checkouts
# will import nothing from it). pytest's `pythonpath` entries are relative to rootdir,
# which is the directory holding this ini file, so a portable equivalent would be
# `pythonpath = ..`. The surrounding double quotes are also presumably kept as literal
# characters of the path by the ini parser rather than stripped — verify before relying on them.
2 | pythonpath = "/Users/martin/Documents/GitHub/IRIS-SOAR" -------------------------------------------------------------------------------- /tests/test_isoar_core.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/test_isoar_core.py -------------------------------------------------------------------------------- /tests/test_isoar_lib.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/swiftbird07/IRIS-SOAR/HEAD/tests/test_isoar_lib.py --------------------------------------------------------------------------------