Open-Source Automation in Cyber Incident Response Processes: A Low-Code-Based Continuous Detection, Verification, and Response Architecture
Öz
Cyber threats are becoming increasingly complex; organizations face difficulties in implementing security policies due to staffing shortages and financial constraints. Manual approaches lead to high "wait times" and false alarms, exposing organizations to risks from cyberattacks. This study proposes a cost-effective, open-source, and lowcode Security Orchestration, Automation, and Response framework for public and private organizations. The proposed system incorporates Wazuh, n8n, OpenVAS, and GLPI solutions and is implemented using a Docker microservice-based architecture operating according to a "zero-touch" approach. The presented solution will help Türkiye develop its national cybersecurity infrastructure at the micro level by minimizing the need for highly skilled personnel.
Anahtar Kelimeler
Kaynakça
- Aksu, M. U., Altuncu, E., & Bicakci, K. (2019, February). A first look at the usability of openvas vulnerability scanner. In Workshop on usable security (USEC) (pp. 1-7). https://doi.org/10.14722/usec.2019.23026 Al Mansoori, F. (2023). Layered Deep Neural Systems for Dynamic Multi-Agent Interaction, Adaptive Workflow Optimization, and Autonomous Decision Execution in n8n. ThinkTide Global Research Journal, 4(4), 30-38. https://thinktidejournal.com/index.php/TGRJ/article/view/42
- Al Siam, A., Hassan, M. M., Masum, A. K. M., & Bhuiyan, T. (2025, October). Automating Malware Detection and Response via Real-Time Threat Feed Integration with Wazuh SIEM. 2nd International Conference on Computing, Applications and Systems (COMPAS) (pp. 1-6). IEEE. https://doi.org/10.1109/COMPAS67506.2025.11381876 Alabdulhadi, S., & Al-Matouq, A. (2024). Efficient and standardized alarm rationalization for cybersecurity monitoring. IEEE Access, 12, 166936-166944. https://doi.org/10.1109/ACCESS.2024.3492264
- Ayittey, G. (2025). A security operations and analytics framework: Continuous detection and response [Doctoral dissertation, University of East London]. https://doi.org/10.15123/uel.8z91z
- Bakraouy, Z., Abbass, W., Baïna, A., & Bellafkih, M. The IT Infrastructure's Industrialization and Mastering. J. Commun., 14(10), 884-891. https://doi.org/10.12720/jcm.14.10.884-891
- Bcicen, B., (2022, March 22). ctop: Top-like interface for container metrics. GitHub. Accessed: 11 April 2026. https://github.com/bcicen/ctop
- Boyle, E., & Adebayo, Y. (2020). Designing intelligent security orchestration, automation, and response (SOAR) systems with AI. Revista Cintex, 25(2), 14-27.
- Casaclang, H., Ionescu, B., Kim, Y., & Jo, J. Y. (2026, March). Self-Hosted Workflow Automation for AI-Based Cybersecurity Operation. Journal of The Colloquium for Information Systems Security Education 13(1), 21-21. https://doi.org/10.53735/cisse.v13i1.241
- Chavan, N., Patel, H., & Shah, K. (2025, April). Comprehensive Approach to Android Penetration Testing: Techniques, Tools and Best Practices for Securing Mobile Applications. 12th International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 01-07). IEEE. http://doi.org/10.23919/INDIACom66777.2025.11115701
Ayrıntılar
Birincil Dil
İngilizce
Konular
Bilgi Sistemleri (Diğer), Otonom Ajanlar ve Çok Yönlü Sistemler
Bölüm
Araştırma Makalesi
Yayımlanma Tarihi
29 Haziran 2026
Gönderilme Tarihi
29 Mart 2026
Kabul Tarihi
22 Haziran 2026
Yayımlandığı Sayı
Yıl 2026 Cilt: 19 Sayı: 1
