Skip to content

drdre4664/python-security-automation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
sample-alerts
sample-alerts
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Python Security Automation — SOAR-Lite

Overview

A lightweight Security Orchestration, Automation and Response (SOAR) tool built in Python. Automatically ingests security alerts, triages severity, enriches with threat intelligence, and generates structured incident tickets — mimicking real-world SOAR platforms like Splunk SOAR and Palo Alto XSOAR.

What It Does

  1. Ingests security alerts from a JSON alert file
  2. Triages each alert by severity (CRITICAL, HIGH, MEDIUM, LOW)
  3. Enriches alerts with IP reputation lookup and user context
  4. Generates a structured incident report for each alert
  5. Logs all actions with timestamps for audit trail

Attack Scenarios Handled

  • Brute force login attempts
  • Privilege escalation events
  • Suspicious outbound connections
  • Unauthorized file access

Repository Structure

  • src/ — Core Python automation scripts
  • sample-alerts/ — Sample security alert JSON files
  • reports/ — Auto-generated incident reports
  • docs/ — Architecture and usage documentation

Skills Demonstrated

  • Python security scripting
  • Alert triage and enrichment
  • SOAR workflow automation
  • Incident report generation
  • Detection engineering

How to Run

pip install -r requirements.txt
python src/soar_engine.py

About

Python SOAR-lite engine that ingests security alerts, triages severity, enriches context, and auto-generates incident tickets — mirroring enterprise SOAR workflows.

Topics

python incident-response security-automation soar detection-engineering

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages