SOCless is a serverless framework built to help security teams easily automate their incident response and operations workflows.
SOCless uses the AWS Step Functions and AWS Lambda services to execute user-defined workflows. The workflows, called Playbooks, are defined as JSON objects and triggered by real-time alerts from data sources or AWS CloudWatch schedules.
- Responds to real-time or scheduled events
- Orchestrates existing security tools into workflows using AWS Lambda functions written in Python 3
- Interact with humans as part of automated workflows and adapt to their responses
- Static IP address that can be whitelisted to internal resources
- Rapid automation development life-cycle courtesy of reusable, modular and shareable plugins
- Infrastructure and response workflows deploy as code using The Serverless Framework
- Serverless design has low cost, low operational overhead, and scales effortlessly
Ready? Check out the docs!
Join our community Slack workspace
SOCless documentation is contained in the docs folder and is powered by MkDocs and MkDocs Material. The built docs are hosted on Github pages
To setup your environment for building the docs
python3 -m venv venv
. venv/bin/activate
pip install -r docs-requirements.txt
To serve the docs locally (after setup)
mkdocs serve
To deploy the docs to Github pages
mkdocs gh-deploy
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
