Question 1

How to choose between commercial and open-source SOAR?

Accepted Answer

The Awesome-SOAR list provides separate directories for both, including community editions and trial links for tools like Cortex XSOAR and TheHive. Review the support resources and integration capabilities listed to match your team's budget and technical needs.

Question 2

What are the best open-source SOAR tools in 2024?

Accepted Answer

Based on the README, key open-source options include TheHive, Shuffle, and WALKOFF, each with GitHub links and documentation. However, verify their active development status as the list might not have recent updates.

Question 3

How to create SOAR playbooks from scratch?

Accepted Answer

Use the Playbooks-Resources section for templates from AWS, Societe Generale, and others, and refer to Automation-Resources for scripts from vendors like Phantom and Microsoft Azure Sentinel to build custom workflows.

Question 4

SOAR vs SIEM: which one do I need first?

Accepted Answer

The list includes articles explaining the relationship, such as 'Why a mature SIEM environment is critical for SOAR implementation.' Start with SIEM for alerting, then add SOAR for automation, as many solutions like Azure Sentinel combine both.

Question 5

Where can I find SOAR training courses for beginners?

Accepted Answer

Check the Training section for courses like SANS SEC573 and vendor-specific free learning links from Palo Alto or IBM. The curated list aggregates options but doesn't guarantee current availability or quality.

Question 6

How to contribute or update the Awesome-SOAR list?

Accepted Answer

Follow the contribution guidelines linked in the README to submit pull requests for new resources or corrections, ensuring the list stays relevant through community efforts.

Awesome SOAR

What is Awesome SOAR?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions