SOARCA-GUI

SOARCA can now work with a front-end interface called the SOARCA-GUI (written in the GoTTH stack for simplicity), which can be found in a separate repository. The SOARCA-GUI is designed to assist administrators and analysts in tracking executions and providing manual inputs when specific action steps require decision-making. In its first version, the SOARCA-GUI allows users to track the execution of playbooks.

Our long-term vision for the SOARCA-GUI includes enabling users to configure SOARCA directly, test integrations using tools like the SOARCA Fin library, and manage these tasks without requiring terminal commands or interventions. Additionally, we plan to introduce functionality for viewing and managing playbooks in a future version of the interface.

The SOARCA-GUI features OIDC-based login for authentication and authorization. Similar to SOARCA, the SOARCA-GUI uses the gauth library as authentication and authorization middleware. This middleware is known to work with Authentik. For more information on setting up authentication for SOARCA, please refer to the documentation here. Authentication only works when OIDC is enabled, so if you want authentication you must set up Authentik or a different OIDC provider. Note that other OIDC providers have not been tested yet.

Setting up SOARCA-GUI with SOARCA

Minimal setup

Under deployments in our repo, we have provided an example docker compose file for running SOARCA in combination with the SOARCA-GUI. Note that this setup is quite minimal, since no further authentication has been set up.

cd docker/soarca && sudo docker compose --profile gui up -d

Impression of the SOARCA-GUI

Login via OIDC-based authentication


Main Dashboard


Dark theme

The SOARCA-GUI also features dark theme mode for the real hackers.

Follow CACAO playbook execution progress
