Open-Source SOAR Uncovered (list with all available projects)

In this week's edition, I deep dive into the world of open-source SOAR (Security Orchestration, Automation, and Response) platforms. Despite thorough research, I realised there’s a lack of an updated list of all open-source SOAR projects. So, let’s explore this space together.

Why Open-Source Matters to Me

My first hands-on experience with an open-source project was around 2012-2013. At that time, I was implementing Security Onion, Suricata, and AlienVault for an employer. This experience was foundational, teaching me the essentials of security architecture and engineering. These projects were truly eye-opening, paving the way for later work, such as developing a complete Threat Intelligence program around CRITS. Over time, I have engaged with more than 20 different open-source projects. Here’s what I’ve learned about the advantages and challenges of taking this route.

Pros of Open-Source Projects:

• No Licensing Fees: Open-source tools are generally available without the hefty licensing fees associated with commercial software, which can be particularly beneficial for startups and small businesses with limited budgets.

• Optional Support Costs: While the base software is free, many open-source projects offer paid support services for a relatively low cost, providing an economical way to access expert assistance when needed.

• Tailor-Made Solutions: Open-source software often comes with highly customisable codebases that allow users to tweak and alter the software to fit their specific operational needs or integrate with existing systems.

Cons of Open-Source Projects:

• Initial Setup Complexity: While customizable, the initial setup and integration of open-source tools can be complex without vendor support, potentially leading to higher upfront time investments.

• Long-Term Maintenance Burden: As businesses grow, they might find that the open-source solution requires substantial customisation or additional coding to scale with their operations, which can divert resources from other areas.

• Intermittent Updates and Support: Unlike commercial products, some open-source projects may suffer from irregular updates or be abandoned altogether, leading to potential security and functionality gaps.

• Community-Dependent Reliability: The reliability of finding solutions through community forums is not guaranteed; users may face delays or lack of responses to critical issues.

If you're enjoying my newsletter, why not start your own? Grab your 30-day trial and a 20% discount here:

If you want to get on a call and have a discussion about security automation, you can book paid consultancy here:

Exploring Open-Source SOAR Platforms

I've done some digging to uncover several open-source SOAR projects. Without big marketing budgets or SEO strategies, these projects often rely solely on community engagement and word-of-mouth.

To aid in your exploration, I've created an infographic that lists these projects, including links and information on active support, like the most recent version release.

Are you passionate about cybersecurity and eager to stay ahead of the curve? Become an Ultimate Supporter of our blog and gain exclusive access to cutting-edge content, while playing a pivotal role in sustaining our community.

By joining the Ultimate Supporter tier, you decide how much you wish to contribute, directly aiding in the maintenance and growth of our website. Your support helps us cover essential costs, ensuring we can continue to deliver top-notch insights and tools for engineers and cybersecurity leaders.

As an added benefit, each Ultimate Supporter will receive a link to the editable versions of the visuals used in our blog posts. This exclusive access allows you to customize and utilize these resources for your own projects and presentations.

Join us today and be part of a movement that drives innovation and security in the digital world. Your contribution, big or small, makes a significant impact. Let's secure the future together!