We were inspired by police/ambulance sirens - everyone sees the flashing lights and sound and knows immediately to move the heck out of the way. So how can we create something like that for SOC analysts? Something that signifies ACTION! as soon as someone sees it, regardless of what they are doing.
What it does
Our project combines the power of the Philips Hue API with XSOAR, allowing XSOAR users to add Hue light effects to any of their playbooks for a little added flair during incident investigations. Users will be able to add different colored lights at different points during the playbook to signal the triggering of an incident, the closure of an incident, required action from users, etc.
How we built it
We created an integration in XSOAR for Philips Hue using their open source API, then a wrapper script to get/set the light ID inside a playbook, and lastly a malware playbook to put it all together.
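To make the integration concrete, here is an added example (not the team's integration code, which is not on this page) of what the Hue side of such a playbook step looks like: a map from playbook phases to Hue colors, the v1 REST call a step would fire (PUT /api/<username>/lights/<id>/state on the bridge), and a check of the bridge's reply. The bridge address, the Hue "username" token and the light ID are placeholders; the phase names are an assumption; the HTTP send is injectable so the code can be exercised without a bridge.

```python
"""Hue 'siren' signalling for XSOAR playbook phases (added example, not the project's code).

Assumptions: phase names are invented for this example; bridge IP, Hue username
and light ID are placeholders. The Hue v1 API endpoint and field names
(on/hue/sat/bri/alert, success/error reply arrays) follow the public Hue docs.
"""
import json
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Hue colour angles sit on a 0..65535 wheel: red 0, green 25500, blue 46920
# per the Hue docs; 12750 is an approximate amber for "action required".
PHASE_COLOURS: Dict[str, Dict[str, int]] = {
    "incident_triggered": {"hue": 0,     "sat": 254, "bri": 254},  # red
    "action_required":    {"hue": 12750, "sat": 254, "bri": 254},  # amber
    "investigating":      {"hue": 46920, "sat": 254, "bri": 200},  # blue
    "incident_closed":    {"hue": 25500, "sat": 254, "bri": 150},  # green
}


def build_state(phase: str, flash: bool = False) -> Dict[str, object]:
    """JSON body for PUT .../lights/<id>/state for one playbook phase.

    alert=lselect makes the bulb breathe for ~15 s, the visual siren.
    An unknown phase is a playbook bug, so raise instead of guessing.
    """
    if phase not in PHASE_COLOURS:
        raise ValueError(f"unknown playbook phase: {phase!r}")
    state: Dict[str, object] = {"on": True, **PHASE_COLOURS[phase]}
    state["alert"] = "lselect" if flash else "none"
    return state


def build_request(bridge_ip: str, username: str, light_id, phase: str,
                  flash: bool = False) -> Tuple[str, bytes]:
    """Assemble the bridge URL and body.

    The light ID arrives from a playbook argument as a string; forcing it to
    int means it can never smuggle extra path segments into the bridge URL.
    The Hue username is a bearer-style secret: keep it in the integration's
    credential parameter, never in playbook inputs or logs.
    """
    light_id = int(light_id)
    url = f"http://{bridge_ip}/api/{username}/lights/{light_id}/state"
    return url, json.dumps(build_state(phase, flash)).encode()


def check_response(raw: bytes) -> Dict[str, object]:
    """Hue replies with a list of {"success": ...} / {"error": ...} items.

    An invalid or expired username shows up as error type 1 ("unauthorized
    user"); surface that as an exception so the playbook step fails visibly
    instead of silently leaving the lights unchanged.
    """
    items = json.loads(raw)
    errors = [i["error"] for i in items if "error" in i]
    if errors:
        raise RuntimeError(f"Hue bridge rejected request: {errors}")
    merged: Dict[str, object] = {}
    for i in items:
        merged.update(i.get("success", {}))
    return merged


def set_light(bridge_ip: str, username: str, light_id, phase: str,
              flash: bool = False,
              send: Optional[Callable[[urllib.request.Request], bytes]] = None):
    """Fire the PUT. `send` is injectable so tests and dry runs never hit a bridge."""
    url, body = build_request(bridge_ip, username, light_id, phase, flash)
    req = urllib.request.Request(url, data=body, method="PUT",
                                 headers={"Content-Type": "application/json"})
    if send is None:
        send = lambda r: urllib.request.urlopen(r, timeout=5).read()  # noqa: E731
    return check_response(send(req))


if __name__ == "__main__":
    # Dry run with a constructed bridge reply; no real bridge is contacted.
    def fake_send(req: urllib.request.Request) -> bytes:
        print(req.get_method(), req.full_url, req.data.decode())
        return b'[{"success": {"/lights/3/state/on": true}}]'

    print(set_light("192.0.2.10", "PLACEHOLDER_HUE_USERNAME", "3",
                    "incident_triggered", flash=True, send=fake_send))
```

In an XSOAR integration the bridge IP and username would come from the integration parameters (the username as a credential) and the phase and light ID from the command arguments; the wrapper script the writeup mentions would then just call the command with the light ID it stored earlier in the incident context. Note that the v1 bridge API is plain HTTP on the local network, so the username token travels in the URL in clear text; keep the bridge on a segment the SOC controls.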
Challenges we ran into
Only one team member had a set of Philips Hue lights, so most of the time we had to perform testing with his set of lights.
What we learned
Not to procrastinate ;)
What's next for HUEge Automation!
At some point, we would like to create an integration with some sort of speaker so we can play music at different parts of playbooks - like the Mission Impossible theme when the analyst begins investigating.