Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture
Abstract
Cyber threats are becoming increasingly complex; organizations face difficulties in implementing security policies due to staffing shortages and financial constraints. Manual approaches lead to high "wait times" and false alarms, exposing organizations to risks from cyberattacks. This study proposes a cost-effective, open-source, and lowcode Security Orchestration, Automation, and Response framework for public and private organizations. The proposed system incorporates Wazuh, n8n, OpenVAS, and GLPI solutions and is implemented using a Docker microservice-based architecture operating according to a "zero-touch" approach. The presented solution will help Türkiye develop its national cybersecurity infrastructure at the micro level by minimizing the need for highly skilled personnel.
Keywords
References
- Aksu, M. U., Altuncu, E., & Bicakci, K. (2019, February). A first look at the usability of openvas vulnerability scanner. In Workshop on usable security (USEC) (pp. 1-7). https://doi.org/10.14722/usec.2019.23026 Al Mansoori, F. (2023). Layered Deep Neural Systems for Dynamic Multi-Agent Interaction, Adaptive Workflow Optimization, and Autonomous Decision Execution in n8n. ThinkTide Global Research Journal, 4(4), 30-38. https://thinktidejournal.com/index.php/TGRJ/article/view/42
- Al Siam, A., Hassan, M. M., Masum, A. K. M., & Bhuiyan, T. (2025, October). Automating Malware Detection and Response via Real-Time Threat Feed Integration with Wazuh SIEM. 2nd International Conference on Computing, Applications and Systems (COMPAS) (pp. 1-6). IEEE. https://doi.org/10.1109/COMPAS67506.2025.11381876 Alabdulhadi, S., & Al-Matouq, A. (2024). Efficient and standardized alarm rationalization for cybersecurity monitoring. IEEE Access, 12, 166936-166944. https://doi.org/10.1109/ACCESS.2024.3492264
- Ayittey, G. (2025). A security operations and analytics framework: Continuous detection and response [Doctoral dissertation, University of East London]. https://doi.org/10.15123/uel.8z91z
- Bakraouy, Z., Abbass, W., Baïna, A., & Bellafkih, M. The IT Infrastructure's Industrialization and Mastering. J. Commun., 14(10), 884-891. https://doi.org/10.12720/jcm.14.10.884-891
- Bcicen, B., (2022, March 22). ctop: Top-like interface for container metrics. GitHub. Accessed: 11 April 2026. https://github.com/bcicen/ctop
- Boyle, E., & Adebayo, Y. (2020). Designing intelligent security orchestration, automation, and response (SOAR) systems with AI. Revista Cintex, 25(2), 14-27.
- Casaclang, H., Ionescu, B., Kim, Y., & Jo, J. Y. (2026, March). Self-Hosted Workflow Automation for AI-Based Cybersecurity Operation. Journal of The Colloquium for Information Systems Security Education 13(1), 21-21. https://doi.org/10.53735/cisse.v13i1.241
- Chavan, N., Patel, H., & Shah, K. (2025, April). Comprehensive Approach to Android Penetration Testing: Techniques, Tools and Best Practices for Securing Mobile Applications. 12th International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 01-07). IEEE. http://doi.org/10.23919/INDIACom66777.2025.11115701
Details
Primary Language
English
Subjects
Information Systems (Other), Autonomous Agents and Multiagent Systems
Journal Section
Research Article
Publication Date
June 29, 2026
Submission Date
March 29, 2026
Acceptance Date
June 22, 2026
Published in Issue
Year 2026 Volume: 19 Number: 1