opensoar-hq/opensoar-sdk
GitHub: opensoar-hq/opensoar-sdk
A Python SDK for developing third-party integrations and automation playbooks for the OpenSOAR security orchestration platform, with support for asynchronous calls and local mock testing.
# OpenSOAR SDK
A Python SDK for building integrations and playbooks for the [OpenSOAR](https://github.com/opensoar-hq/opensoar) SOAR platform.
## Installation
```
pip install opensoar-sdk
```
## Building an integration
```
from opensoar_sdk import Integration, action


class MyIntegration(Integration):
    name = "my-tool"

    async def connect(self):
        # MyToolClient stands in for your tool's own API client;
        # credentials come from the integration's configured settings.
        self.client = MyToolClient(self.config["api_key"])

    async def health_check(self) -> bool:
        return await self.client.ping()

    # Actions are the callable units a playbook can invoke; each call is
    # bounded by a timeout and retried on failure.
    @action(timeout=30, retries=2)
    async def lookup_ip(self, ip: str) -> dict:
        return await self.client.query(ip)
```
## Writing a playbook
```
from opensoar_sdk import playbook, action

# enrich_ip, block_ip and notify_slack are actions exposed by installed
# integrations (not shown here).


@playbook(trigger="webhook", conditions={"severity": ["high", "critical"]})
async def triage_alert(alert):
    result = await enrich_ip(alert.source_ip)
    if result.malicious:
        await block_ip(alert.source_ip)
        await notify_slack(f"Blocked {alert.source_ip}")
```
## Testing
```
from opensoar_sdk.testing import mock_alert, mock_run_context

# Import the playbook under test from wherever you defined it
# (module name is illustrative).
from my_playbooks import triage_alert


async def test_my_playbook():
    alert = mock_alert(severity="high", source_ip="1.2.3.4")
    # mock_run_context replaces real action calls with local mocks,
    # so the playbook runs without touching live tools.
    async with mock_run_context():
        await triage_alert(alert)
```
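To make the three sections above concrete without installing anything, here is an added, self-contained sketch that is not part of `opensoar_sdk`. It does not import the SDK; the `action` retry/timeout behaviour, the `conditions` gate on a playbook, and the `run()` harness are my assumptions about what the real decorators and `mock_run_context` do, reimplemented in a few lines so the triage flow can be exercised offline against a constructed alert and a mock enrichment client that fails transiently.

```python
"""Stand-alone sketch of the action / playbook / test flow from this README.
Added example: it does not use opensoar_sdk. The semantics of @action
(deadline + retries) and @playbook (condition gate) are assumptions."""
import asyncio
from dataclasses import dataclass, field
from functools import wraps


def action(timeout=30, retries=2):
    """Assumed semantics: run with a deadline; on timeout or error retry
    up to `retries` more times, then re-raise the last failure."""
    def decorator(fn):
        @wraps(fn)
        async def wrapper(*args, **kwargs):
            last_exc = None
            for _attempt in range(retries + 1):
                try:
                    return await asyncio.wait_for(fn(*args, **kwargs), timeout)
                except Exception as exc:  # includes asyncio.TimeoutError
                    last_exc = exc
            raise last_exc
        return wrapper
    return decorator


def playbook(trigger, conditions=None):
    """Assumed semantics: run the body only if every condition key on the
    alert holds one of the allowed values; otherwise skip and return None."""
    def decorator(fn):
        @wraps(fn)
        async def wrapper(alert):
            for key, allowed in (conditions or {}).items():
                if getattr(alert, key, None) not in allowed:
                    return None
            return await fn(alert)
        wrapper.trigger = trigger
        return wrapper
    return decorator


@dataclass
class Alert:          # constructed stand-in for mock_alert(...)
    severity: str
    source_ip: str


@dataclass
class MockThreatIntel:
    """Constructed enrichment client: raises `fail_first` times before
    answering, so the action's retry path is actually exercised."""
    malicious_ips: set
    fail_first: int = 0
    calls: int = 0

    async def query(self, ip):
        self.calls += 1
        if self.calls <= self.fail_first:
            raise ConnectionError("simulated transient failure")
        return {"ip": ip, "malicious": ip in self.malicious_ips}


@dataclass
class Audit:          # records side effects instead of touching real tools
    blocked: list = field(default_factory=list)
    messages: list = field(default_factory=list)


def build_playbook(intel, audit):
    @action(timeout=1, retries=2)
    async def enrich_ip(ip):
        return await intel.query(ip)

    @action(timeout=1, retries=0)
    async def block_ip(ip):
        audit.blocked.append(ip)

    @playbook(trigger="webhook", conditions={"severity": ["high", "critical"]})
    async def triage_alert(alert):
        result = await enrich_ip(alert.source_ip)
        if result["malicious"]:
            await block_ip(alert.source_ip)
            audit.messages.append(f"Blocked {alert.source_ip}")
            return "blocked"
        return "benign"

    return triage_alert


def run(alert, malicious_ips, fail_first=0):
    """Mock run context: returns (outcome, audit trail, enrichment calls)."""
    intel = MockThreatIntel(set(malicious_ips), fail_first=fail_first)
    audit = Audit()
    outcome = asyncio.run(build_playbook(intel, audit)(alert))
    return outcome, audit, intel.calls


if __name__ == "__main__":
    # Constructed sample: high-severity alert, intel flaky once, IP is listed.
    print(run(Alert("high", "203.0.113.7"), {"203.0.113.7"}, fail_first=1))
```

Running it shows the points the README leaves implicit: a low-severity alert never reaches the playbook body (and never calls the enrichment action), a transient enrichment failure is absorbed by the retry budget, and once that budget is exhausted the error surfaces instead of silently skipping the block.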
## Part of OpenSOAR
See the [main repository](https://github.com/opensoar-hq/opensoar) for full documentation.