Your Open-Source SOC Assistant
Welcome to Your Open-Source SOC Assistant, your go-to solution for improving your organization's security operations center (SOC). Built into our favorite open-source tools, ASK SOCFortress helps analysts investigate alerts that pertain to IPs, domains, and file hashes. ASK SOCFortress streamlines and simplifies SOC investigations, saving time and improving accuracy.
Whether you're a security analyst or a member of a SOC team, Your Open-Source SOC Assistant can help you investigate alerts and provide technical assistance to enhance your security posture. The module currently integrates with DFIR-IRIS (Shuffle coming soon), making it a valuable addition to any security operations workflow.
Our open-source project is constantly evolving, with new playbooks, features, and integrations. We welcome contributions and feedback from the community, so please feel free to get involved and help make ASK SOCFortress even better.
Get started today and see how ASK SOCFortress can take your security operations to the next level.
Currently, ASK SOCFortress can be run as a DFIR-IRIS module.
Get started with DFIR-IRIS: Video Tutorial
- Fetch the ASK SOCFortress repo

```
git clone https://github.com/socfortress/ASK-SOCFortress
cd ASK-SOCFortress
```

- Install the module

```
./buildnpush2iris.sh -a
```

Once installed, configure the module to include:
- API Key
- Firewall Vendor

- Navigate to Advanced -> Modules
- Add a new module
- Input the module name: `iris_asksocfortressbeta_module`
- Configure the module

To run the module, select Case -> IOC and select the dropdown menu.
The beta currently supports IoCs of type: ip, domain, md5, sha224, sha256, sha512
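
A pre-check an analyst could run over a case's indicators to see which ones fall into the supported types listed above. This is an added example, not code from the ASK SOCFortress project; classifying by value (address parsing, hex digest length, hostname syntax) and every name in it are assumptions, since this page does not describe how the module itself decides the type.

```python
import hashlib
import ipaddress
import re

# IoC types this page lists as supported by the beta module.
SUPPORTED = {"ip", "domain", "md5", "sha224", "sha256", "sha512"}
# Hex digest length -> hash type. sha1 and sha384 are recognised only so
# they are reported as unsupported instead of being left unclassified.
HASH_LENGTHS = {32: "md5", 40: "sha1", 56: "sha224",
                64: "sha256", 96: "sha384", 128: "sha512"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Hostname label: 1-63 chars, letters/digits/hyphen, no edge hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_ioc(value):
    """Return the IoC type name for value, or None if unrecognised."""
    v = value.strip().replace("[.]", ".")  # undo common defanging
    try:
        ipaddress.ip_address(v)  # accepts IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    if HEX_RE.match(v) and len(v) in HASH_LENGTHS:
        return HASH_LENGTHS[len(v)]
    labels = v.rstrip(".").split(".")
    if (len(v) <= 253 and len(labels) >= 2
            and all(LABEL_RE.match(label) for label in labels)
            and not labels[-1].isdigit()):  # rejects malformed IPs like 1.2.3
        return "domain"
    return None

def triage(values):
    """Split values into (supported, skipped) lists of (value, type)."""
    supported, skipped = [], []
    for value in values:
        kind = classify_ioc(value)
        (supported if kind in SUPPORTED else skipped).append((value, kind))
    return supported, skipped

# Constructed sample indicators (documentation ranges, digests of b"sample").
SAMPLE = ["192.0.2.10", "2001:db8::1", "example[.]com",
          hashlib.md5(b"sample").hexdigest(),
          hashlib.sha1(b"sample").hexdigest(),
          hashlib.sha256(b"sample").hexdigest(),
          "http://example.com/a"]

if __name__ == "__main__":
    ok, skipped = triage(SAMPLE)
    print("supported:", ok)
    print("skipped:", skipped)
```
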
Auto refresh is coming soon
If you are experiencing issues, please contact us at [email protected]