SOAR-Flow
SOAR-Flow is a security orchestration project that integrates Shuffle SOAR, Wazuh SIEM, and TheHive to automate incident response workflows. It receives security alerts from Wazuh, enriches them using external threat intelligence APIs including VirusTotal and AbuseIPDB, creates tracked incidents in TheHive for case management, and sends real-time Discord notifications for team awareness. An optional auto-mitigation feature can block malicious IP addresses detected during enrichment. Built for SOC environments, SOAR-Flow reduces manual analyst workload, accelerates response times, and improves operational efficiency by connecting detection, enrichment, case management, and notification steps into a single automated pipeline. The project provides installation guidance for deploying Wazuh SIEM with all-indexer architecture and TheHive with its required components including Cassandra, Elasticsearch, and Java on Ubuntu 24.04 LTS, along with Shuffle workflow configuration for orchestrating the full incident respons