This project aims to make threat intelligence analysis more efficient by implementing automated workflows in n8n, integrated with Security Onion. The primary goal is to streamline initial alert triage so that SOC analysts can work more simply and quickly.
The workflows are designed to support the analytical skills of SOC analysts, letting them focus on critical decision-making rather than on repetitive tasks. Note that the current workflows do not perform strict input validation: the emphasis so far has been on functionality and rapid deployment for internal use, so they should be run only in a trusted internal environment and not exposed to untrusted input.
Recognizing the value and impact of automation in the SOC environment, this project will continue to explore additional automation opportunities to further improve operational capabilities.
Any contribution, feedback or idea is welcome.
You can find a more detailed explanation of this project in our blog post and on our GitHub, where you'll find the source code of the workflows!