Admyral is an open-source Cybersecurity Automation & Investigation Assistant. Admyral's Assistant enjoys a deep integration into Admyral's case management and workflow automation. Through this triangulation, SOC teams can benefit from:
- A unified console to perform investigations and handle incidents
- Seamless workflow automation creation, even during incident triage, investigation, or response
- Automatic alert investigation as well as next-step suggestions for analysts
- Recommendations for automating workflows
Through Admyral's Assistant functionality, Admyral seeks to provide a new, more effective, and scalable approach for tackling alert fatigue and automating security workflows.
Try out the free cloud version
Here is a sneak peek into the workflow automation builder:
- Workflow Actions
- HTTP request
- Manual and event-based workflow start
- Credential Management for HTTP Requests
- If-Condition
- AI Actions
- Send Emails
- Scheduling
- Case Actions (Create Case, Update Case, etc.)
- Receive Emails
- Data Transformations
- Formulas
- Custom Python code
- Run history
- Case Management
- Alert Handling
- Dashboard
- Natural Language to Workflow Automation
- Incident Investigation Assistant
- AI-proposed next steps on handling an incident/a case
- Customized workflow automation recommendations
Available Integrations: VirusTotal, AlienVault, Slack, ThreatPost, YARAify, Phish Report
Many more integrations are coming soon, such as URLHaus, URLScan, GreyNoise, AbuseIPDB, Jira, MS Defender, SentinelOne, and AWS CloudTrail, to name a few. What integrations are missing for you? Let us know on Discord or via chris@admyral.dev about your use case and we will build it within one week!
- Cloud version
- Self-hosting
- Multi-tenancy for MSSPs
// A demo is coming at the end of May 2024
Managed deployment by the Admyral team, free, no credit card required.
```bash
# Clone the repository
git clone https://github.com/Admyral-Security/admyral.git
# Change directory to docker self-hosting
cd admyral/deploy/selfhosting
# Copy the env vars
cp .env.example .env
# Start the services in detached mode
docker compose up -d
```
» Learn more about deploying locally
We value your feedback and contributions! If you have suggestions, questions, or would like to discuss anything related to Admyral, just text us on Discord or Slack.
You can best support this project by:
- Giving it a star on GitHub
- Joining our active community on Discord and/or Slack
- And giving us feedback
- Challenges of Staffing in Security Automation Implementation: Security automation platforms promised to reduce the burden on security teams. However, they still require a dedicated team for building and managing automations, not addressing the ongoing issue of a skilled worker shortage.
- Automation Builders & Requesters vs. Automation Users: Security Engineers are tasked with building automations while Managers drive their development based on input from the end users, aka Security Analysts. To complicate this, there's a lack of a feedback loop among these groups.
- Inflexibility of Static Workflows in a Dynamic Threat Environment: Existing security automation platforms originated from generic workflow builders and are designed for static environments and the pre-GenAI era. In cybersecurity, where threats evolve rapidly, static workflows are inadequate. It is impossible to constantly maintain and update static and predefined workflows.
Overall, creating workflows should be made easier, more accessible, and faster. This enables automation users, e.g. Security Analysts, to effortlessly create workflows during their regular processes without creating additional overhead. To achieve this, we have to rethink the creation and overall concept of security automation. We believe that workflows are a dynamic concept that should welcome easy case-by-case adjustments during the incident investigation stage and beyond.
Security automation and case management are two sides of the same coin. Security automation is the process of automating security tasks, while case management is the process of managing security incidents. Combining the two allows for a more streamlined and efficient incident response process. By automating repetitive tasks and integrating automations into the case management process, security teams can respond to incidents more quickly and effectively. This integration also allows for better tracking and reporting of incidents, which can help organizations identify trends and improve their overall security posture.
Visit SECURITY.md for more details.
As Admyral is still in its public alpha phase, we have not finalized a specific pricing structure yet. We invite interested organizations to reach out directly via email at chris@admyral.dev or Discord/Slack to discuss potential use cases and explore custom pricing options based on their needs and the scale of implementation.
We are open-source for the following reasons:
- To establish transparency and trust with our users
- To enable the community to self-host and contribute to Admyral
- To collaborate on integrations and features with the community because users know best what a Cybersecurity Automation & Investigation Assistant should look like
- To secure small- and medium-sized businesses, that have no budget for security
We love open-source. Therefore, Admyral stays committed to keeping all open-sourced features freely available under the same open-source terms and to maintaining them. However, future premium features may only be part of our enterprise version. For specific requirements, please reach out to us via chris@admyral.dev.
Disclaimer: Admyral is still in public alpha. If you'd like to use it within your company or try it out, reach out to us via chris@admyral.dev or directly on Discord/Slack.
As of now, our project does not have a dedicated Enterprise version. If you represent an MSSP or an Enterprise and would like to discuss potential collaborations with Admyral, please do not hesitate to reach out directly at chris@admyral.dev to start a conversation. We are excited about the possibility of working together to meet your specific business needs and to expand the capabilities of our project in a way that benefits your organization.
This repository is licensed under Apache License 2.0. See LICENSE for more details.
Admyral automatically collects telemetry data using PostHog with hosting in the EU. We want to emphasize that no personal data is sent to PostHog. The data helps us to understand how Admyral is used and improve our most relevant features as well as track the overall usage for internal and external reporting.
None of the data is shared with third parties, and it does not include any sensitive information. If you would like to opt out of telemetry or have questions, please reach out to us via chris@admyral.com or contact us on Discord or Slack; we want to be transparent and respect your privacy.
For self-hosting, you can opt out by simply removing NEXT_PUBLIC_POSTHOG_KEY and NEXT_PUBLIC_POSTHOG_HOST from the environment variables.
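As an added example (not code from the Admyral repository), the snippet below ties the self-hosting setup above to the telemetry opt-out: it strips the two PostHog variables from a copied `.env` before `docker compose up` and verifies that neither remains. It assumes the env file uses plain `KEY=VALUE` lines (optionally prefixed with `export`), and the sample file contents are constructed placeholders.

```bash
#!/bin/sh
# Added example, not part of Admyral. Removes the PostHog telemetry variables
# named in the README from a self-hosting .env file and checks the result.

# Pattern matching a line that sets either telemetry variable (with or without "export").
POSTHOG_PATTERN='^[[:space:]]*(export[[:space:]]+)?NEXT_PUBLIC_POSTHOG_(KEY|HOST)='

# Remove NEXT_PUBLIC_POSTHOG_KEY and NEXT_PUBLIC_POSTHOG_HOST from the env file in place.
strip_posthog_vars() {
    envfile="$1"
    tmp="${envfile}.tmp"
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -v -E "$POSTHOG_PATTERN" "$envfile" > "$tmp" || true
    mv "$tmp" "$envfile"
}

# Exit 0 when the env file no longer sets either telemetry variable, 1 otherwise.
telemetry_disabled() {
    ! grep -q -E "$POSTHOG_PATTERN" "$1"
}

# Constructed sample .env (placeholder values only) standing in for deploy/selfhosting/.env.
demo_env="$(mktemp)"
cat > "$demo_env" <<'EOF'
SOME_OTHER_SETTING=keep-me
NEXT_PUBLIC_POSTHOG_KEY=phc_placeholder_key
export NEXT_PUBLIC_POSTHOG_HOST=https://posthog.example
EOF

if telemetry_disabled "$demo_env"; then
    echo "telemetry already disabled in $demo_env"
else
    strip_posthog_vars "$demo_env"
    if telemetry_disabled "$demo_env"; then
        echo "telemetry variables removed from $demo_env; safe to run: docker compose up -d"
    else
        echo "telemetry variables still present in $demo_env" >&2
    fi
fi
```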