Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://twilio-labs.github.io/socless/
The SOCless automation framework
Last synced: about 1 month ago
- Host: GitHub
- URL: https://twilio-labs.github.io/socless/
- Owner: twilio-labs
- License: apache-2.0
- Created: 2019-09-12T18:31:38.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-12-19T17:57:55.000Z (about 1 year ago)
- Last Synced: 2024-04-14T03:10:51.208Z (8 months ago)
- Language: Python
- Size: 3.77 MB
- Stars: 123
- Watchers: 9
- Forks: 23
- Open Issues: 23
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-csirt - SOCless (Links)
README
# SOCless - serverless security orchestration, automation and response
SOCless is a serverless framework built to help security teams easily automate their incident response and operations workflows.
# Overview
SOCless uses the AWS Step Functions and AWS Lambda services to execute user-defined workflows. The workflows, called Playbooks, are defined as JSON objects and triggered by real-time alerts from data sources or AWS CloudWatch schedules.
![](https://twilio-labs.github.io/socless/imgs/socless-base-architecture.png)
Features
---
- Responds to real-time or scheduled events
- Orchestrates existing security tools into workflows using AWS Lambda functions written in Python 3
- Interacts with humans as part of automated workflows and adapts to their responses
- Static IP address that can be whitelisted to internal resources
- Rapid automation development life-cycle courtesy of reusable, modular and shareable plugins
- Infrastructure and response workflows deploy as code using [The Serverless Framework](https://serverless.com)
- Serverless design has low cost, low operational overhead, and scales effortlessly

Ready? Check out the [docs!](https://twilio-labs.github.io/socless/)
Join our [community Slack workspace](https://join.slack.com/t/socless/shared_invite/enQtODA3ODEzNzcwNDgxLTBiYjVjYjI4ODI4YTY5YzM4OWRlYjQ1Yzg4M2EzMGUzMGMyYThlN2U5NTI5OWIwZWE1ZTcwNjA2MjgyZDRmMjg)
# Development Guide
## Building and Redeploying the Docs
SOCless documentation is contained in the docs folder and is powered by [MkDocs](https://www.mkdocs.org/) and [MkDocs Material](https://squidfunk.github.io/mkdocs-material/). The built docs are hosted on GitHub Pages.
**To set up your environment for building the docs**
```
python3 -m venv venv
. venv/bin/activate
pip install -r docs-requirements.txt
```
**To serve the docs locally (after setup)**
```
mkdocs serve
```
**To deploy the docs to GitHub Pages**
```
mkdocs gh-deploy
```