Introduction
Energy SOAR is a Security Orchestration, Automation, and Response platform. It centralises incident management, observable enrichment, and automated response in a single on-premise deployment.
Core modules
Energy SOAR Base handles case management and alert triage. Analysts work here: reviewing alerts, managing cases, tracking observables, and running tasks. Organisations can share cases across tenants and run scheduled reports.
Energy SOAR Automation runs analyzers and responders against observables and events. Analyzers enrich data by querying threat intelligence sources. Responders execute containment and remediation actions in integrated systems.
Energy SOAR Workflow is the playbook engine. It connects nodes to build automated response sequences that span multiple tools and APIs. It is built on n8n.
Optional component
Energy Logserver integration forwards alerts from Energy Logserver SIEM into Energy SOAR as cases. See Energy Logserver Integration for setup.
Key capabilities
Multi-tenancy — a single installation supports multiple isolated organisations. MSSP operators run one platform for all clients; each client sees only their own data.
Case correlation — the similarity engine flags alerts and cases that share observables, reducing duplicate investigations.
Threat intelligence enrichment — over a hundred analyzers query threat feeds, sandboxes, and DNS resolvers. Results appear alongside each observable without leaving the platform.
Playbook automation — the built-in n8n workflow engine runs scheduled playbooks that handle triage, escalation, and response with no manual steps.
TTP tracking — cases link to MITRE ATT&CK techniques, building a tactical picture of incidents for reporting and trend analysis.
Scheduled reports — dashboard snapshots are generated as PDFs on a schedule and delivered by email for management reporting.
On-premise deployment — runs entirely within your network. No data leaves the organisation boundary.
Where to go next
Getting Started — first login and first investigation
Installation — system requirements and installation
Architecture — component layout and data flow
Configuration — runtime configuration