
🤖 Next-gen Security Hyperautomation Platform

Project README

admyral

An AI-Powered, Open-Source Torq

Docs · Discord


Disclaimer: Admyral is still in public alpha. If you'd like to use it within your company or try it out, reach out to us via [email protected] or directly on Discord.

Admyral is an open-source, drag-and-drop security workflow builder with integrated case management (think Torq, but open-source). By combining case management, workflow automation, and AI, Admyral seeks to enable:

  1. A unified console to handle incidents 🖥️
  2. A seamless workflow creation -- even during incident triage, investigation, or response 👷
  3. Automatic next step and workflow recommendations for individual cases 🤖

This is what we call a next-gen Hyperautomation Platform. It is engineered to provide a new, more effective, and more scalable approach to tackling alert fatigue and automating security workflows.

Here is a sneak peek into the workflow builder: admyral

🗺️ Key Features & Roadmap

Hyperautomation Platform Foundation

  • Workflow Actions
    • HTTP request
    • Webhook
    • Credentials for Webhook
    • If-Condition
    • AI Actions
    • Send Emails
    • Scheduling
    • Case Actions (Create Case, Update Case, etc.)
    • Receive Emails
    • Data Transformations
    • Formulas
    • Custom Python code
  • Run history
  • Case Management
  • Alert Handling
  • Dashboard
  • Integrations - Do you need any integration? Let us know!

Next-Gen Hyperautomation Features

  • Natural Language to Workflow
  • Investigation Copilot
  • Next steps recommendation for cases
  • Customized workflow recommendations

Hosting

  • Cloud version
  • Self-hosting

Misc

  • Multi-tenancy

Admyral in <5 Minutes

// A demo is coming at the end of April 2024

🚀 Get Started

// coming at the end of April 2024

💬 Feedback & Contributing to Admyral

We value your feedback and contributions! If you have suggestions, questions, or would like to discuss anything related to Admyral, just text us on Discord.

You can best support us and this project by:

  1. Giving it a star on GitHub
  2. Joining our active community on Discord
  3. And giving us feedback

❓ FAQ

What is the issue with the current Security Automation tools?

  1. Challenges of Staffing in Security Automation Implementation: Security automation platforms promised to reduce the burden on security teams. However, they still require a dedicated team for building and managing automations, not addressing the ongoing issue of a skilled worker shortage.

  2. Automation Builders & Requesters vs. Automation Users: Security Engineers are tasked with building automations while Managers drive their development based on input from the end users, aka Security Analysts. To complicate this, there's a lack of a feedback loop among these groups.

  3. Inflexibility of Static Workflows in a Dynamic Threat Environment: Existing security automation platforms originated from generic workflow builders and are designed for static environments and the pre-GenAI era. In cybersecurity, where threats evolve rapidly, static workflows are inadequate. It is impossible to constantly maintain and update static and predefined workflows.

Overall, creating workflows should be made easier, more accessible, and faster. This enables automation users, e.g. Security Analysts, to effortlessly create workflows during their regular processes without creating additional overhead. To achieve this, we have to rethink the creation and overall concept of security automation. We believe that workflows are a dynamic concept that should welcome easy case-by-case adjustments during the incident investigation stage and beyond.

Why should security automation and case management be combined?

Security automation and case management are two sides of the same coin. Security automation is the process of automating security tasks, while case management is the process of managing security incidents. Combining the two allows for a more streamlined and efficient incident response process. By automating repetitive tasks and integrating automations into the case management process, security teams can respond to incidents more quickly and effectively. This integration also allows for better tracking and reporting of incidents, which can help organizations identify trends and improve their overall security posture.

How do you stay secure?

Visit SECURITY.md for more details.

What does your pricing look like?

As Admyral is still in its public alpha phase, we have not finalized a specific pricing structure yet. We invite interested organizations to reach out directly via email at [email protected] or Discord to discuss potential use cases and explore custom pricing options based on their needs and the scale of implementation.

Why is Admyral open-source?

We are open-source for the following reasons:

  • To establish transparency and trust with our users
  • To enable the community to self-host and contribute to Admyral
  • To collaborate on integrations and features with the community because users know best what a security automation platform should look like

Does Admyral stay open-source?

We love open-source. Therefore, Admyral stays committed to keeping all open-sourced features freely available under the same open-source terms and to maintaining them. However, future premium features may only be part of our enterprise version. For specific requirements, please reach out to us via [email protected].

πŸ™οΈ Enterprise Version

As of now, our project does not have a dedicated Enterprise version. If you represent an MSSP or an Enterprise and would like to discuss potential collaborations with Admyral, please do not hesitate to reach out directly at [email protected] to start a conversation. We are excited about the possibility of working together to meet your specific business needs and to expand the capabilities of our project in a way that benefits your organization.

📃 License

This repository is licensed under Apache License 2.0. See LICENSE for more details.

Open Source Agenda is not affiliated with "Admyral" Project. README Source: Admyral-Security/admyral
