This is a repository of workflows provided for those interested in deploying Security Orchestration, Automation, and Response capabilities within their organizations.
The workflows are mapped and organized based on how their core effects align with the NIST Cybersecurity Framework. For more information on the NIST framework, documentation is available at the NIST website.
In addition to the main set of workflows, a sample of workflows developed for a pilot on Indicator of Compromise Automation for State, Local, Tribal, and Territorial governments is also provided as a use case. These samples illustrate how organizations can tailor the workflows to their own environments.
Many of these workflows are designed to work in an integrated environment where one workflow can call another. To better understand the relationships between workflows, the following mapping is provided as a guide.
BPMN is a standard for modeling business processes and is used for the workflows in this repository. It is maintained by the Object Management Group, and full documentation is available on the BPMN Specification Website. The workflows in this repository are provided in the XML format ".bpmn" as well as in PNG form. The XML files can be read using a variety of tools.
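Because the ".bpmn" files are plain XML, the relationships between workflows can also be extracted programmatically. The following is an added example, not code from this repository: it assumes one workflow invokes another through the BPMN 2.0 `callActivity` element and its `calledElement` attribute, and it runs on constructed sample documents with hypothetical process ids.

```python
import xml.etree.ElementTree as ET

# BPMN 2.0 model namespace defined by the OMG specification.
NS = {"bpmn": "http://www.omg.org/spec/BPMN/20100524/MODEL"}

# Constructed sample documents; ids and names are hypothetical.
TRIAGE = """<definitions xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL">
  <process id="ioc_triage" name="IOC Triage">
    <startEvent id="s1"/>
    <callActivity id="c1" name="Enrich" calledElement="ioc_enrichment"/>
    <callActivity id="c2" name="Block" calledElement="block_indicator"/>
    <endEvent id="e1"/>
  </process>
</definitions>"""

ENRICH = """<definitions xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL">
  <process id="ioc_enrichment" name="IOC Enrichment">
    <startEvent id="s1"/>
    <serviceTask id="t1" name="Query reputation source"/>
    <endEvent id="e1"/>
  </process>
</definitions>"""


def call_map(documents):
    """Map each process id to the process ids its call activities reference."""
    calls = {}
    for xml_text in documents:
        root = ET.fromstring(xml_text)
        for process in root.findall("bpmn:process", NS):
            # iter() also finds call activities nested inside sub-processes.
            targets = [ca.get("calledElement")
                       for ca in process.iter(f"{{{NS['bpmn']}}}callActivity")
                       if ca.get("calledElement")]
            calls[process.get("id")] = targets
    return calls


def unresolved(calls):
    """Return (caller, target) pairs whose target is not in the parsed set."""
    return sorted((caller, t) for caller, targets in calls.items()
                  for t in targets if t not in calls)


if __name__ == "__main__":
    m = call_map([TRIAGE, ENRICH])
    for caller, targets in m.items():
        print(caller, "->", targets or "(no calls)")
    print("missing:", unresolved(m))
```

Running `unresolved` over the workflows you plan to deploy shows which called workflows are absent from the set, so a dependency is not discovered only when an automated response fails partway through.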
To aid the reader in understanding the syntax used in these workflows, the following abridged guide to BPMN is provided.
This material is based upon work supported by the U.S. Department of Homeland Security / Cybersecurity & Infrastructure Security Agency under Grant Award Number DHS-19-CISA-128-SLT-001 State, Local, Tribal and Territorial Indicators of Compromise Automation Pilot.
The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security / Cybersecurity & Infrastructure Security Agency.
This work is licensed under CC0 1.0 Universal. To the extent possible under law, the authors have waived all copyright and related or neighboring rights to Shareable SOAR Workflows. This work is published from: United States.