Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/SecurityBrewery/catalyst

Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes

dfir digital-forensics incident-response soar


README

        





Catalyst


Speed up your reactions




Catalyst is an incident response platform.
It can help to automate your alert handling and incident response procedures.

## Features

### Ticket (Alert & Incident) Management

Tickets are the core of Catalyst.
They represent alerts, incidents, forensics investigations,
threat hunts or any other event you want to handle in your organisation.


Screenshot of a ticket

### Tasks

Tasks are the smallest unit of work in Catalyst. They can be assigned to users and have a status.
Tasks can be used to document the progress of an investigation or to assign work to different users.


Screenshot of the tasks part of a ticket

### Reactions

Reactions are a way to automate Catalyst.
Each reaction is composed of a trigger and an action.
The trigger listens for events and the action is executed when the trigger is activated.
Triggers are available for HTTP/Webhooks and Collection Hooks; actions are available for Python and HTTP/Webhooks.


Screenshot of the reactions

### Timelines

Timelines are used to document the progress of an investigation.
They can be used to document the steps taken during an investigation, the findings or the results of the investigation.

### Dashboards

Catalyst comes with a dashboard that presents the most important information at a glance.


Screenshot of the dashboard

### Ticket Types

Templates define the custom information for tickets.
The core information for tickets like title, creation date or closing status is kept quite minimal
and other information like criticality, description or MITRE ATT&CK information can be added individually.

### Custom Fields

Custom fields can be added to tickets to store additional information.
They can be used to store information like the affected system, the attacker's IP address or the type of malware.
Custom fields can be added to ticket types and are then available for all tickets of this type.

### More

Catalyst supports many more features, such as links, files and comments on tickets.