SOAR SDK

Use the SOAR SDK to create Python-based function apps in either the container package or the previous extension package. You can also use the SDK to package customization apps.

The SOAR SDK provides the template files to develop your app and specify how to run your app in a container. The SDK package includes Resilient Circuits (runtime) and the Resilient module (utilities library).

The containers run Python 3.6.8 and the Resilient Circuits framework, which automatically manages authentication and the connections to the STOMP service and REST API in the SOAR platform. Containers run on top of the Red Hat Enterprise Linux (RHEL) universal base image.

You can download the SDK from PyPI.

Features

The SDK provides the following features:

  • Codegen utility that provides a Python environment and the ability to generate starting code from template files. Your code can take the form of a function processor or a utility that acts upon data received from a SOAR organization but does not return data to the SOAR organization.
  • Dockerfile that provides all the information needed to build a container for the app. You can modify the file when your app requires additional operating system or Python components. The Dockerfile is compatible with Docker or other container management solutions, such as RHEL Podman.
  • Apikey_permissions.txt file that defines the permissions for the app’s API key account. The template lists all SOAR permissions so that you can easily select which permissions you need for your app. When your completed app is installed, the SOAR platform automatically generates an API key account with the permissions you specified.
  • Docgen utility that provides a documentation template which prompts you for the information needed to generate installation and user instructions.
  • Automatic generation of your app in the SOAR extension format for earlier versions of the SOAR platform that do not support the container format.
  • Ability to migrate existing SOAR integrations or extensions to the app container format by adding the required files to the integration and then packaging the updated integration into the container format.

The SOAR SDK packages the app into a zip file. The zip file contains the tar.gz file, which can be used with SOAR platforms that support the integration server. The JSON file contains metadata for the app when it is installed into the SOAR platform, and identifies the repository from which to obtain the container that runs the business logic of the app. The export.res file contains the playbook components.
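A pre-install check of the package layout described above, as an added example (not part of the SDK or its documentation): it inspects the zip in memory, confirms that a tar.gz, a JSON file and export.res are present, records a SHA-256 digest, and flags archive member paths that would escape the extraction directory. It assumes the JSON and export.res files sit in the zip alongside the tar.gz; the sample package and its file names (fn_demo-1.0.0.tar.gz, app.json, ../outside.py) are constructed for the demonstration.

```python
import hashlib
import io
import tarfile
import zipfile
from pathlib import PurePosixPath

def unsafe(name):
    """True for absolute paths or paths that climb out with '..'."""
    p = PurePosixPath(name.replace("\\", "/"))
    return p.is_absolute() or ".." in p.parts

def inspect_app_zip(data):
    """Inspect a packaged app (bytes) in memory; nothing is extracted to disk."""
    missing, flagged, members = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        flagged += [n for n in names if unsafe(n)]
        tars = [n for n in names if n.endswith(".tar.gz")]
        # The three parts the page says the package carries.
        if not tars:
            missing.append("*.tar.gz")
        if not any(n.endswith(".json") for n in names):
            missing.append("*.json")
        if not any(PurePosixPath(n).name == "export.res" for n in names):
            missing.append("export.res")
        for t in tars:
            with tarfile.open(fileobj=io.BytesIO(zf.read(t)), mode="r:gz") as tf:
                for m in tf.getmembers():
                    members.append(m.name)
                    # Assumption: only regular files and directories belong here.
                    if unsafe(m.name) or not (m.isfile() or m.isdir()):
                        flagged.append(f"{t}!{m.name}")
    return {"sha256": hashlib.sha256(data).hexdigest(), "missing": missing,
            "unsafe_paths": flagged, "tar_members": members,
            "ok": not missing and not flagged}

def build_sample(evil=False):
    """Constructed sample package; every file name in it is made up."""
    tbuf, zbuf, body = io.BytesIO(), io.BytesIO(), b"# constructed\n"
    with tarfile.open(fileobj=tbuf, mode="w:gz") as tf:
        info = tarfile.TarInfo("../outside.py" if evil else "fn_demo-1.0.0/setup.py")
        info.size = len(body)
        tf.addfile(info, io.BytesIO(body))
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("fn_demo-1.0.0.tar.gz", tbuf.getvalue())
        zf.writestr("app.json", "{}")
        if not evil:
            zf.writestr("export.res", "{}")
    return zbuf.getvalue()
```

Compare the reported digest with the one published by the app's source before installing, and treat any entry in `missing` or `unsafe_paths` as a reason to stop.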

Components (Python Class)

A component is a Python class. Each component typically performs one or more activities for a single app. That might be a single function, such as searching for data and returning results, or a collection of methods that work together. Additionally, special-purpose components include polling timers and web services. Components can use the Circuits framework to send messages to each other.

Multiple components are collected together into a package that can be easily distributed and installed.

When a component is running, the framework takes care of subscribing to message destinations and reading the events as they occur. When an action is triggered by a rule in the SOAR platform, the action message is delivered to the framework, which runs the corresponding Python method. The Python method also has ready access to the SOAR REST API.