A no-bullshit, purpose-built SOAR (security orchestration, automation and response) platform.
Get to the heart of your alerts, cases and incidents and remediate them.
Warning: This project is actively being developed and is not production ready (yet!).
Swan is built with these requirements in mind:
- Speed. When seconds and minutes matter, the tools we use should not be why we are slowed down.
- Secure. With privileged access for integrations, sensitive user PII/proprietary info, and the nature of the work, this tool should be secure without being intrusive.
- Graceful degradation. Tools are complex; we cannot accept issues in one or more components making the entire platform inoperative.
- Browser or connectivity issues should not cause data loss.
- No core dependencies on any cloud services. Everything must be able to run offline or air-gapped.
- Unintrusive. Everything where you need it, as you need it, without any extra fluff in the way. Easily slot into existing workflows, without derailing them altogether. Respect the user and meet them where they are.
- Customizable. Every user, company, and deployment is unique. Users should be allowed to customize and tinker with the platform in as many ways as possible.
- Integrations with other tools.
- Data is owned by the user.
- Modular integrations for custom tools or features that can easily be added and maintained alongside upstream.
- Individual, shared, and default settings/layouts/features that can be easily modified within the interface.
- Free, under the GPL-3.0 license. All dependencies should be GPL-3.0 or equally "free".
- Primary datastore: Apache CouchDB
The frontend component allows users to interface with the backend in a visual manner. The frontend is not required; the backend can operate headlessly.
The backend component powers the API, background processing, and WebSocket connectivity.