This repository contains examples of SOAR playbooks, scripts, and tool-specific automation snippets designed to accelerate incident response and improve security operations efficiency.
It showcases real-world automation patterns and helper scripts for:
- Phishing triage
- IOC enrichment
- Cloud incident remediation
- Notifications and integrations
Repository contents:

- `playbooks/phishing-triage-pseudocode.md`: Pseudocode for automating phishing triage.
- `playbooks/ioc-enrichment-workflow.md`: Workflow for automated IOC enrichment.
- `playbooks/cloud-remediation-pseudocode.md`: Pseudocode for cloud security incident auto-remediation.
- `scripts/extract-iocs.py`: Extracts indicators (URLs, IPs) from text for automation workflows.
- `scripts/enrich-url.py`: Stub script for querying URL reputation APIs (e.g., VirusTotal).
- `scripts/slack-notify.py`: Sends Slack alerts from automated workflows.
- `xsoar/phishing-extract-indicators.yml`: Extracts indicators from emails using XSOAR automation.
- `scripts/splunk-soar/enrich-ip.json`: Playbook node for enriching IPs with threat intel queries.
- `sentinel/isolate-vm-logicapp.json`: Logic App JSON for isolating VMs upon critical alert detection.
🚧 In progress: More playbooks, code samples, and diagrams coming soon!