ReflexSOAR is an open-source security orchestration, automation, and incident response platform. It is designed by experts in the field to maximize SOC efficiency and orchestrate automation to abstract away mundane tasks. The outcome is a streamlined workflow, enhanced productivity, and a heightened ability to prioritize and address security incidents that truly matter.
As a team of security professionals, our primary objective in developing ReflexSOAR is to simplify Security Operations for all users. We strive to create a user-friendly and intuitive platform that empowers security teams to effectively manage and respond to security incidents. By leveraging automation, integration, and intelligent workflows, ReflexSOAR aims to streamline complex security processes, minimize manual effort, and enhance overall operational efficiency. Our goal is to provide a solution that enables security professionals of all levels to navigate the challenges of security operations with ease and confidence.
ReflexSOAR offers a comprehensive range of capabilities, including but not limited to:
Event Rules: dynamically respond to Events by automatically dismissing, merging to cases, adding tags, or updating severity
Cases: create Cases and leverage Case Templates to track the investigation of alerts by your analyst
Intel Lists: develop internal or poll external threat Intel Lists to enrich events to further assist your analyst during their investigations
Inputs: configure Inputs to pull alerts or alarms from your SIEM or other security tools for your analyst to review
Reflex Query Language (RQL): leverage mutators and expressions against alerts to granularly tailor the automated responses and actions
Agents: deploy Agents within your environment to pull the alerts and alarms from your on-premise systems
Detections: create your own Detection Rules to share with your Reflex subtenants
Playbooks**: automation and orchestration Playbooks
**This feature is still in development; however, automation is available today in the form of Event Rules
ReflexSOAR is open-source under a GNU General Public License v3.0. Experience the full range of features without any restrictions beyond your hardware or training capabilities. Our model is designed to offer commercial support and services, while ensuring that ReflexSOAR remains freely available to the community both now and in the future.
ReflexSOAR commercial support is facilitated by H & A Security Solutions, LLC, and is offered under the following commercial support offerings:
|Open-Source||Standard Support||Premium Support|
|Price||Zero||Starts at $15k US||Starts at $25k US|
|Professional Support||No||8 x 5||8 x 5|
|Number of Supported Users||0||5 Named Users||5 Named Users|
|Cloud Hosted||No||Included **||Included **|
|Default Case Templates||No||Included||Included|
|Custom Case Templates||Not included||Not included||5 Included|
|Custom Event Rule Creation||0||25 - Implementation included||100 - Implementation included|
|Intel List Capacity||Your hardware||10 GB||25 GB - Includes H & A lists|
|Organization Custom Intel Lists||Not included||Not included||Included with implementation|
**On-premises support contracts for ReflexSOAR are available at an additional cost
Important Topics to Visit
- Getting Started
- Event Rules
- Intel Lists
- Reflex Query Language (RQL)
ReflexSOAR or Reflex?
Throughout this documentation, the terms "ReflexSOAR" and "Reflex" are used interchangeably to refer to the same entity, providing a convenient and consistent way to refer to the platform.
ReflexSOAR adheres to a versioning convention that follows this format:
YY: two-digit year of the release
MM: two-digit month of the release
000: version/build number
tag: additional information about the release
For instance, a version like
22.08.001 would indicate the initial release for August of 2022, while versions with tags like
RC-0 (release candidates) or
HD-01 (hotfixes) signify specific release statuses or fixes.