README
¶
Catalyst
Speed up your reactions
Website - The Catalyst Handbook (Documentation) - Try online
Twitter - Discord
Catalyst is an incident response platform or SOAR (Security Orchestration, Automation and Response) system. It can help you to automate your alert handling and incident response procedures.
Features
Ticket (Alert & Incident) Management
Tickets are the core of Catalyst. They represent alerts, incidents, forensics investigations, threat hunts or any other event you want to handle in your organisation.
Ticket Templates
Templates define the custom information for tickets. The core information for tickets like title, creation date or closing status is kept quite minimal and other information like criticality, description or MITRE ATT&CK information can be added individually.
Conditional Custom Fields
Custom Fields can be dependent on each other. So if you, for example choose "malware" as an incident type a custom field ask you to define it further as ransomware, worm, etc. which a "phishing" incident would ask for the number of received mails in that campaign.
Playbooks
Playbooks represent processes that can be attached to tickets. Playbooks can contain manual and automated tasks. Complex workflows with different workflow branches, parallel tasks and task dependencies can be modeled.
Automations
Automations are scripts that automate tasks or enrich artifacts. Automations are run in their own Docker containers. This enables them to be created in different scripting languages and run securely in their own environment.
Users
Catalyst has two different types of users, normal users accessing the platform via OIDC authentication and API keys for external script. A fine-grained access model is available for both types and allows to define possible actions for each user.
License
Copyright (c) 2021-present Jonas Plum
Portions of this software are licensed as follows:
- All third party components incorporated into Catalyst are licensed under the original license provided by the owner of the applicable component. Those files contain a license notice on top of the file and are listed in the NOTICE file.
- Content outside the above-mentioned files above is available under the GNU Affero General Public License v3.0.
Documentation
¶
Index ¶
- Variables
- func Authenticate(db *database.Database, config *AuthConfig) func(next http.Handler) http.Handler
- func AuthorizeBlockedUser() func(http.Handler) http.Handler
- func AuthorizeRole(roles []string) func(http.Handler) http.Handler
- func Backup(catalystStorage *storage.Storage, c *database.Config, writer io.Writer) error
- func GetVersion() string
- func Restore(ctx context.Context, catalystStorage *storage.Storage, db *database.Database, ...) error
- type AuthConfig
- type Config
- type Server
- type WriterAtBuffer
Constants ¶
This section is empty.
Variables ¶
var VERSION string
Functions ¶
func Authenticate ¶
func GetVersion ¶
func GetVersion() string
Types ¶
type AuthConfig ¶
type AuthConfig struct {
OIDCIssuer string
OAuth2 *oauth2.Config
OIDCClaimUsername string
OIDCClaimEmail string
// OIDCClaimGroups string
OIDCClaimName string
AuthBlockNew bool
AuthDefaultRoles []role.Role
AuthAdminUsers []string
// contains filtered or unexported fields
}
func (*AuthConfig) Verifier ¶
func (c *AuthConfig) Verifier(ctx context.Context) (*oidc.IDTokenVerifier, error)
Source Files
Directories