by peaktwilight 67 days ago
I work as a cyber defense engineer in the SOC of one of the largest companies in my country. We've tried many SOAR platforms over the years and we've never figured out a good solution to simplify the lives of our less technical analysts while allowing our technical staff to quickly and easily iterate on our playbooks and tweak processes, sometimes using AI coding tools.

The problem is usually that they each have their own custom abstraction layer for defining actions / playbooks. Some are low-code (like Swimlane), so you gotta mess around with some UI bs when configuring a new use-case, and it doesn't even have proper Git versioning, while some have YAML for everything. This sounds cool until you actually have like 1000 playbooks that are a pain to deal with and not as good as full-on code. Also, those that support "custom code" via Python usually sandbox the runners to an extent that most of the customization is barely possible...

I'm not even going to get into the costs that most platforms require when adding all these features, but in any case I've been building the perfect tool for myself, and I know a bunch of colleagues around here dreaming of a solution like this as well. It's fully open-source, so please contribute and try it out if it is also useful to you!

Appreciate y'all. As much as I hate marketing, without some sort of feedback from more users it would be difficult to iterate and know where to improve!

Thanks for reading this far :D have a nice day