Open-source software for managing security incidents, tracking case workflows, and coordinating team response efforts.
Dispatch is an incident response orchestration platform that automates the coordination of detection, participant assembly, and task tracking across existing communication and project management tools. It provides a web-configurable state machine to manage incident lifecycle transitions, with template-driven incident models that define types, priorities, and severity levels. The platform enforces role-based access control to map user roles to specific actions and data access, while maintaining a database-backed audit trail of all incident events and system changes for compliance and post-incid
Dispatch is a comprehensive incident response orchestration platform that provides full lifecycle management, automated workflows, collaborative timelines, and role-based access control, as required for professional security incident coordination.
TheHive is a security incident response platform and multi-tenant case management system. It functions as a Security Orchestration, Automation, and Response (SOAR) tool and a threat intelligence platform designed to coordinate security investigations by managing alerts, cases, and observables. The platform is distinguished by its multi-tenant architecture, which isolates data across different organizations while supporting selective cross-tenant sharing. It features a SOAR automation engine capable of executing sandboxed JavaScript logic to automate workflows and trigger response actions thro
TheHive is a comprehensive, self-hosted incident response and case management platform that natively supports the full incident lifecycle, automated SOAR workflows, and deep threat intelligence integration.
Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity. The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monito
Wazuh is a powerful security monitoring and SIEM platform focused on endpoint detection and log analysis, but it lacks the collaborative case management and incident investigation features required for a dedicated incident response platform.
Chi is a lightweight, idiomatic router and middleware framework for building web services in Go. It is designed to integrate directly with the standard library, providing a set of utilities for managing HTTP request routing, context propagation, and modular service composition. The project distinguishes itself through a radix-tree-based routing system that supports recursive nesting, allowing developers to mount independent sub-routers onto specific path prefixes. This hierarchical structure enables the creation of organized, modular applications where request handlers are grouped and managed
This is a web routing and middleware framework for building services, not a pre-built platform for managing security incidents or tracking investigations.
StackStorm is an event-driven automation platform that watches for events from external systems and triggers workflows, actions, and remediation across infrastructure tools. At its core, it provides a workflow orchestration engine that chains multiple actions and conditional logic into reusable, multi-step workflows for complex automation tasks, alongside a rules engine that applies matching criteria to triggers and maps trigger payload data to action inputs for automated responses. The platform distinguishes itself through a ChatOps integration framework that enables executing commands and r
StackStorm is a powerful event-driven automation and orchestration engine that can be used to build incident response workflows, but it lacks the dedicated case management, investigation tracking, and collaborative timeline features required for a full incident response platform.
Cachet is a self-hosted, open-source status page system designed to communicate service uptime, incident history, and infrastructure performance to end users. It provides a centralized dashboard for managing the operational lifecycle of system components, tracking service disruptions, and scheduling maintenance windows. The platform distinguishes itself through a comprehensive RESTful API that enables programmatic status page management and automated incident reporting. It supports deep integration with external monitoring tools, allowing for the synchronization of performance metrics and the
Cachet is a status page system designed for public communication of service uptime rather than an internal platform for coordinating security incident investigations and team response workflows.
Horizon is a realtime API server and RethinkDB backend designed to push database changes instantly to front-end clients. It utilizes a WebSocket data streaming API to synchronize data between the database and user interfaces without requiring manual polling. The project integrates an OAuth identity manager for verifying user identities through third-party providers and a role-based access control system to define granular permissions for viewing or modifying database documents. It is delivered as a containerized backend framework, allowing the server and its dependencies to be deployed as a p
This is a real-time backend framework and database synchronization tool, not a specialized incident response or case management platform designed for tracking investigations and team coordination.
Gotify is a self-hosted notification server designed to centralize the receipt and dispatch of real-time messages. It provides a RESTful API and a WebSocket gateway, allowing users to programmatically send alerts and push notifications to connected clients. By maintaining a private infrastructure, the platform ensures full control over message history, data retention, and access management. The system distinguishes itself through a modular, plugin-based architecture that allows for the extension of core functionality, including custom HTTP endpoints and webhook event processing. It supports g
Gotify is a notification and messaging server that can be used to send alerts, but it lacks the incident lifecycle management, case tracking, and investigation tools required for a dedicated incident response platform.