Co-authored-by: Hidde-Jan Jongsma <hidde-jan.jongsma@tno.nl>
Co-authored-by: Maarten de Kruijf <maarten.dekruijf@tno.nl>
1 parent 23673ec
commit 6a3660f
Showing 101 changed files with 312 additions and 848 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
--- | ||
title: SOARCA Documentation | ||
linkTitle: Docs | ||
menu: {main: {weight: 20}} | ||
weight: 20 | ||
--- | ||
|
||
|
||
{{% alert title="Warning" color="warning" %}} | ||
SOARCA is currently in its **alpha release**, with ongoing evelopment aimed at expanding its capabilities, improving integration, and enhancing its functionalities. You can track our progress and upcoming milestones at [LINK TO ROADMAP]. | ||
|
||
We warmly welcome contributions to our repository. You can find the guidelines for contributing [here](/docs/contribution-guidelines). | ||
{{% /alert %}} | ||
|
||
SOARCA, an open-source SOAR (Security Orchestration, Automation and Response) tool developed by TNO, is designed be vendor-agnostic, allowing it to orchestrate various security actuators and systems. SOARCA is the first SOAR that aims to be compliant with the [CACAO v2.0](https://docs.oasis-open.org/cacao/security-playbooks/v2.0/security-playbooks-v2.0.html) standard. | ||
|
||
SOARCA enables cyber defenders to coordinate and automate their cyber operations, by using executable CACAO playbooks. | ||
|
||
SOARCA aims to achieve the following goals: | ||
|
||
- **Standard Compliance**: Adhering to the latest standards, including [CACAO v2.0](https://docs.oasis-open.org/cacao/security-playbooks/v2.0/security-playbooks-v2.0.html) and [OpenC2](https://openc2.org/), allows for interopability with a wide range of technologies. | ||
- **Extensibility with Open Interfaces**: Enjoy the flexibility of an extensible tool featuring open and well-defined interfaces, promoting adaptability, customization, and experimentation. | ||
- **Open-Source**: Embrace an open-source model that not only offers cost-effective solutions but also supports unrestricted use and adaptation for research purposes. | ||
|
||
|
||
Interested in the vision and concepts of SOARCA? Then check the [SOARCA vision and concepts](/docs/concepts/). | ||
|
||
|
||
## SOARCA capabilities | ||
|
||
SOARCA currently supports the following transport mechanisms: | ||
|
||
<div class="works-well-with"> | ||
{{< cardpane >}} | ||
{{% card header="OpenC2 - Native" %}} | ||
[![OpenC2](/images/logos-external/openc2.svg)](/docs/soarca-extentions/native-capabilities/#openc2-capability) | ||
{{% /card %}} | ||
|
||
{{% card header="HTTP - Native" %}} | ||
[![Http](/images/logos-external/http.svg)](/docs/soarca-extentions/native-capabilities/#http-api-capability) | ||
{{% /card %}} | ||
|
||
{{% card header="SSH - Native" %}} | ||
[![Ssh](/images/logos-external/ssh.svg)](/docs/soarca-extentions/native-capabilities/#ssh-capability) | ||
{{% /card %}} | ||
{{< /cardpane >}} | ||
</div> | ||
|
||
|
||
## Features of SOARCA | ||
|
||
|
||
|
||
## Where do I start? | ||
|
||
{{% alert title="primary" color="primary" %}} | ||
Following our [Getting started](/docs/getting-started/) guide will help you setup SOARCA and configure the SOAR for your internal security tooling. For more custom requirement | ||
{{% /alert %}} |
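Review bot: The warning alert at the top of this new page still contains the unresolved placeholder `[LINK TO ROADMAP]`, and the closing alert under "Where do I start?" stops mid-sentence at "For more custom requirement"; both need to be completed before this is published. The "## Features of SOARCA" heading has no body and should be filled in or dropped. Smaller fixes in the same file: "evelopment" should be "development", "designed be vendor-agnostic" is missing "to", "interopability" should be "interoperability", and the second alert uses `title="primary"`, which looks like a copy of the color value rather than an intended title.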
5 changes: 3 additions & 2 deletions
5
...content/en/docs/core-components/_index.md → ...content/en/docs/core-components/_index.md
4 changes: 2 additions & 2 deletions
4
...ent/en/docs/core-components/api-design.md → ...ent/en/docs/core-components/api-design.md
2 changes: 1 addition & 1 deletion
2
...ntent/en/docs/core-components/database.md → ...ntent/en/docs/core-components/database.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
--- | ||
title: SOARCA Database | ||
title: Database | ||
weight: 7 | ||
categories: [architecture] | ||
tags: [database] | ||
|
4 changes: 2 additions & 2 deletions
4
...ent/en/docs/core-components/decomposer.md → ...ent/en/docs/core-components/decomposer.md
2 changes: 1 addition & 1 deletion
2
...on/content/en/docs/core-components/log.md → docs/content/en/docs/core-components/log.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
--- | ||
title: Executer Modules | ||
weight: 6 | ||
categories: [architecture] | ||
tags: [components] | ||
description: > | ||
Native executer modules | ||
--- | ||
|
||
## Requirements | ||
Executer modules are part of the SOARCA core. Executer modules perform the actual commands in CACAO playbook steps. | ||
|
||
|
||
## Native modules in SOARCA | ||
The following capability modules are defined in SOARCA: | ||
|
||
- ssh | ||
- http-api | ||
- openc2-http | ||
|
||
The capability will be selected on the type of the agent in the CACAO playbook step. This type must be equal to `soarca-<capability identifier>`. | ||
|
||
### SSH capability | ||
|
||
This module is defined in a playbook with the following TargetAgent definition: | ||
|
||
```json | ||
"agent_definitions": { | ||
"soarca--00010001-1000-1000-a000-000100010001": { | ||
"type": "soarca-ssh" | ||
} | ||
}, | ||
``` | ||
|
||
This modules does not define specific variables as input, but of course variable interpolation is supported in the command and target definitions. It has the following output variables: | ||
|
||
```json | ||
{ | ||
"__soarca_ssh_result__": { | ||
Type: "string", | ||
Name: "result", | ||
Value: "<output from command here>" | ||
} | ||
} | ||
``` | ||
|
||
If the connection to the target fail the structure will be set but be empty and an error will be returned. If no error occurred nil is returned. | ||
|
||
|
||
## HTTP-API capability | ||
|
||
This module is defined in a playbook with the following TargetAgent definition: | ||
|
||
```json | ||
"agent_definitions": { | ||
"soarca--00020001-1000-1000-a000-000100010001": { | ||
"type": "soarca-http-api" | ||
}, | ||
}, | ||
``` | ||
|
||
It supports variable interpolation in the command, port, authentication info, and target definitions. | ||
|
||
The result of the step is stored in the following output variables: | ||
|
||
```json | ||
{ | ||
"__soarca_http_api_result__": { | ||
Type: "string", | ||
Name: "result", | ||
Value: "<response from http-api here>" | ||
} | ||
} | ||
``` | ||
|
||
## OPEN-C2 capabilty | ||
|
||
This module is defined in a playbook with the following TargetAgent definition: | ||
|
||
```json | ||
"agent_definitions": { | ||
"soarca--00030001-1000-1000-a000-000100010001": { | ||
"type": "soarca-openc2-http" | ||
}, | ||
}, | ||
``` | ||
|
||
It supports variable interpolation in the command, headers, and target definitions. | ||
|
||
The result of the step is stored in the following output variables: | ||
|
||
```json | ||
{ | ||
"__soarca_openc2_http_result__": { | ||
Type: "string", | ||
Name: "result", | ||
Value: "<response from openc2-http here>" | ||
} | ||
} | ||
``` | ||
|
||
--- | ||
|
||
## MQTT fin module | ||
This module is used by SOARCA to communicate with fins (capabilities) see [fin documentation](/docs/soarca-extentions/) for more information |
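Review bot: The SSH section says "variable interpolation is supported in the command and target definitions" but never states how interpolated values are validated or escaped before the command runs on the target. Since playbook variables end up in a remote command line here, and in authentication info and headers for the HTTP-API and OpenC2 modules, the page should say who is trusted to set those variables and what sanitization, if any, each module applies. The output-variable blocks are fenced as json but use unquoted keys (`Type:`, `Name:`, `Value:`), and the HTTP-API and OpenC2 `agent_definitions` snippets have a trailing comma after the inner object, so they do not parse as JSON; quote the keys and drop the commas, or change the fence language. Heading levels are inconsistent ("### SSH capability" against "## HTTP-API capability" and "## OPEN-C2 capabilty"); all three belong at the same level under "## Native modules in SOARCA". Typos to fix: "capabilty", "This modules does not", "If the connection to the target fail".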
4 changes: 2 additions & 2 deletions
4
...e-components/soarca-application-design.md → ...e-components/soarca-application-design.md