Open source security automation workflows — each one governed by ARX from first run.
Every workflow documents:
- The security operation it automates
- The manual time it replaces
- The tools/connectors involved
- The risk classification of every action
- How ARX governs it (policy, HITL gates, audit trail)
| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| Alert Triage Automation | 3 hrs/analyst/day | Splunk, CrowdStrike, ServiceNow | HIGH — HITL Gated |
| Wiz Finding Distribution | 4 hrs/week → 4 min | Wiz, Jira, Slack | LOW — Auto-Approved |
| Vulnerability Ticket Creation | 3-5 hrs/week | Wiz, Qualys, Jira | MEDIUM |

| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| Access Certification Campaign | 2 days/quarter → 2 hrs | Okta, ServiceNow, Slack | HIGH — HITL Gated |
| Stale Account Deactivation | 4 hrs/month | Okta, Slack | HIGH — HITL Gated |
| MFA Enforcement Check | 2 hrs/week | Okta, Slack, Jira | LOW — Auto-Approved |

| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| Incident Closure Documentation | 2 hrs/incident | CrowdStrike, Splunk, ServiceNow | MEDIUM |
| Host Containment Automation | 15 min/incident → 30 sec | CrowdStrike, Slack, PagerDuty | HIGH — HITL Gated |
| Phishing Response Automation | 45 min/incident | Splunk, Okta, CrowdStrike, Jira | HIGH — HITL Gated |

| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| Endor Labs Finding Triage | 3 hrs/week | Endor Labs, Jira, Slack | MEDIUM |
| Dependency Risk Alerting | 2 hrs/week | Endor Labs, Slack, PagerDuty | LOW — Auto-Approved |
| SCA Policy Violation Response | 1 hr/violation | Endor Labs, Jira, Slack | MEDIUM |

| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| Cloud Misconfiguration Remediation | 5 hrs/week | Wiz, Jira, Slack | MEDIUM |
| Sentinel Alert Enrichment | 20 min/alert | Microsoft Sentinel, CrowdStrike, ServiceNow | LOW — Auto-Approved |

| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| Compliance Evidence Collection | 8 hrs/audit | Splunk, Okta, CrowdStrike, Wiz | LOW — Auto-Approved |
| SLA Breach Alerting | 1 hr/week | ServiceNow, PagerDuty, Slack | LOW — Auto-Approved |

| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| Critical Vuln Escalation | 30 min/vuln | Wiz, Qualys, PagerDuty, Jira | MEDIUM |
| Patch Verification Check | 3 hrs/week | Qualys, CrowdStrike, ServiceNow | LOW — Auto-Approved |
| Container Image Scan Gating | 15 min/deploy | Endor Labs, Wiz, Slack | MEDIUM |

| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| IOC Auto-Enrichment | 10 min/IOC | CrowdStrike, Splunk, VirusTotal | LOW — Auto-Approved |
| Threat Hunt Automation | 4 hrs/hunt | Splunk, CrowdStrike, Sentinel | MEDIUM |

| Workflow | Time Saved | Connectors | Risk |
|---|---|---|---|
| PagerDuty Incident Auto-Triage | 15 min/incident | PagerDuty, Splunk, Slack | MEDIUM |
| Slack Escalation Bot | 5 min/escalation | Slack, PagerDuty, Jira | LOW — Auto-Approved |
| Off-Hours Alert Routing | 10 min/night | PagerDuty, Slack, Splunk | LOW — Auto-Approved |
```
pip install arx
```

Each workflow includes:
- `workflow.py` — The automation code
- `arx.yaml` — ARX governance configuration (policy, HITL gates, risk thresholds)
- `README.md` — Documentation with setup instructions
MIT — Fork it, improve it, submit yours.