Research Article

Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture

Volume: 19 Number: 1 June 29, 2026
TR EN

Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture

Abstract

Cyber threats are becoming increasingly complex; organizations face difficulties in implementing security policies due to staffing shortages and financial constraints. Manual approaches lead to high "wait times" and false alarms, exposing organizations to risks from cyberattacks. This study proposes a cost-effective, open-source, and lowcode Security Orchestration, Automation, and Response framework for public and private organizations. The proposed system incorporates Wazuh, n8n, OpenVAS, and GLPI solutions and is implemented using a Docker microservice-based architecture operating according to a "zero-touch" approach. The presented solution will help Türkiye develop its national cybersecurity infrastructure at the micro level by minimizing the need for highly skilled personnel. 

Keywords

References

  1. Aksu, M. U., Altuncu, E., & Bicakci, K. (2019, February). A first look at the usability of openvas vulnerability scanner. In Workshop on usable security (USEC) (pp. 1-7). https://doi.org/10.14722/usec.2019.23026 Al Mansoori, F. (2023). Layered Deep Neural Systems for Dynamic Multi-Agent Interaction, Adaptive Workflow Optimization, and Autonomous Decision Execution in n8n. ThinkTide Global Research Journal, 4(4), 30-38. https://thinktidejournal.com/index.php/TGRJ/article/view/42
  2. Al Siam, A., Hassan, M. M., Masum, A. K. M., & Bhuiyan, T. (2025, October). Automating Malware Detection and Response via Real-Time Threat Feed Integration with Wazuh SIEM. 2nd International Conference on Computing, Applications and Systems (COMPAS) (pp. 1-6). IEEE. https://doi.org/10.1109/COMPAS67506.2025.11381876 Alabdulhadi, S., & Al-Matouq, A. (2024). Efficient and standardized alarm rationalization for cybersecurity monitoring. IEEE Access, 12, 166936-166944. https://doi.org/10.1109/ACCESS.2024.3492264
  3. Ayittey, G. (2025). A security operations and analytics framework: Continuous detection and response [Doctoral dissertation, University of East London]. https://doi.org/10.15123/uel.8z91z
  4. Bakraouy, Z., Abbass, W., Baïna, A., & Bellafkih, M. The IT Infrastructure's Industrialization and Mastering. J. Commun., 14(10), 884-891. https://doi.org/10.12720/jcm.14.10.884-891
  5. Bcicen, B., (2022, March 22). ctop: Top-like interface for container metrics. GitHub. Accessed: 11 April 2026. https://github.com/bcicen/ctop
  6. Boyle, E., & Adebayo, Y. (2020). Designing intelligent security orchestration, automation, and response (SOAR) systems with AI. Revista Cintex, 25(2), 14-27.
  7. Casaclang, H., Ionescu, B., Kim, Y., & Jo, J. Y. (2026, March). Self-Hosted Workflow Automation for AI-Based Cybersecurity Operation. Journal of The Colloquium for Information Systems Security Education 13(1), 21-21. https://doi.org/10.53735/cisse.v13i1.241
  8. Chavan, N., Patel, H., & Shah, K. (2025, April). Comprehensive Approach to Android Penetration Testing: Techniques, Tools and Best Practices for Securing Mobile Applications. 12th International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 01-07). IEEE. http://doi.org/10.23919/INDIACom66777.2025.11115701

Details

Primary Language

English

Subjects

Information Systems (Other), Autonomous Agents and Multiagent Systems

Journal Section

Research Article

Publication Date

June 29, 2026

Submission Date

March 29, 2026

Acceptance Date

June 22, 2026

Published in Issue

Year 2026 Volume: 19 Number: 1

APA
Parmaksız, H., & Turhan, Ö. (2026). Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture. Beykent Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi, 19(1), 32-54. https://doi.org/10.20854/bujse.1918683
AMA
1.Parmaksız H, Turhan Ö. Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture. BUJSE. 2026;19(1):32-54. doi:10.20854/bujse.1918683
Chicago
Parmaksız, Hüseyin, and Ömer Turhan. 2026. “Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture”. Beykent Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi 19 (1): 32-54. https://doi.org/10.20854/bujse.1918683.
EndNote
Parmaksız H, Turhan Ö (June 1, 2026) Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture. Beykent Üniversitesi Fen ve Mühendislik Bilimleri Dergisi 19 1 32–54.
IEEE
[1]H. Parmaksız and Ö. Turhan, “Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture”, BUJSE, vol. 19, no. 1, pp. 32–54, June 2026, doi: 10.20854/bujse.1918683.
ISNAD
Parmaksız, Hüseyin - Turhan, Ömer. “Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture”. Beykent Üniversitesi Fen ve Mühendislik Bilimleri Dergisi 19/1 (June 1, 2026): 32-54. https://doi.org/10.20854/bujse.1918683.
JAMA
1.Parmaksız H, Turhan Ö. Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture. BUJSE. 2026;19:32–54.
MLA
Parmaksız, Hüseyin, and Ömer Turhan. “Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture”. Beykent Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi, vol. 19, no. 1, June 2026, pp. 32-54, doi:10.20854/bujse.1918683.
Vancouver
1.Hüseyin Parmaksız, Ömer Turhan. Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture. BUJSE. 2026 Jun. 1;19(1):32-54. doi:10.20854/bujse.1918683