Apr 30 2024

Tracecat: Open-source SOAR

Category: Open Source, Security Tools | disc7 @ 7:11 am

Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- to mid-sized teams. Core features, user interfaces, and day-to-day workflows are based on existing best practices from best-in-class security teams.

Use specialized AI models to label, summarize, and enrich alerts. Contextualize alerts with internal evidence and external threat intel:

  • Find cases using semantic search
  • MITRE ATT&CK labels
  • Whitelist / blacklist identities
  • Categorize related cases
  • MITRE D3FEND suggestions
  • Upload evidence and threat intel

Tracecat is not a 1-to-1 mapping of Tines / Splunk SOAR. The developers aim to give technical teams a Tines-like experience but with a focus on open-source and AI features.

While Tracecat is designed for security, its workflow automation and case management system are also suitable for various alerting environments, such as site reliability engineering, DevOps, and physical systems monitoring.

Turn security alerts into solvable cases:

  • Click-and-drag workflow builder – Automate SecOps using pre-built actions (API calls, webhooks, data transforms, AI tasks, and more) combined into workflows. No code required.
  • Built-in case management system – Open cases directly from workflows. Track and manage security incidents in an all-in-one platform.

Tracecat is cloud-agnostic and deploys anywhere that supports Docker. It’s available for free on GitHub.

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: Tracecat


Apr 04 2024

Mantis: Open-source framework that automates asset discovery, reconnaissance, scanning

Category: Open Network, Open Source, OSINT | disc7 @ 7:53 am

Mantis features

The framework conducts reconnaissance on active assets and completes its operation with a scan for vulnerabilities, secrets, misconfigurations, and potential phishing domains, utilizing open-source and proprietary tools.

Some of the features that make Mantis stand out are:

  • Automated discovery, recon, and scan
  • Distributed scanning (split a single scan across multiple machines)
  • Scan customization
  • Dashboard support
  • Vulnerability management
  • Advanced alerting
  • DNS service integration
  • Integrate new tools (existing and custom) in minutes

“Last year, we explored open-source frameworks our organization can use to monitor assets. We wanted to set up an asset discovery framework that allows us to add custom scripts, enable or disable tools to run based on configs, scale, and deploy the framework across a cluster of VMs. We also wanted to find a way to ingest domains from DNS services into our databases. This led us to create Mantis, an asset discovery framework that could help bug bounty hunters as well as security teams,” Prateek Thakare, lead developer of Mantis, told Help Net Security.

System requirements

  • Supported OS: Ubuntu, macOS
  • 4GB RAM
  • 2 cores
  • 16GB of storage

Mantis is CPU intensive, so it’s advisable to run it on a dedicated virtual machine.

Future plans and download

“We are planning to have our dashboard making it easier to view and monitor the assets. We will also work on improvising the discovery, recon, and scan process by adding new tools and custom scripts,” Thakare concluded.

Mantis is available for free on GitHub.

Tags: Mantis, Open-source framework