stoQ is an open source, enterprise-ready automation framework designed to streamline and scale security analysis workflows through modular plugins and asynchronous processing.
An open source framework for enterprise level automated analysis.
stoQ is used by security analysts and DevSecOps teams to automate repetitive analysis tasks such as parsing, decoding, and scanning data from many sources, which shortens incident response and threat hunting loops. It suits organizations that want a scalable, customizable framework that integrates with their own data sources and processing tools rather than enforcing a fixed workflow. Plugins come in several types (for example providers that fetch payloads, workers that analyze or decode them, and connectors that write results out), and workers can return extracted child payloads that are scanned again, so nested and packed content is handled without hand-written glue.
stoQ requires a Python 3 environment, since the framework is built on asyncio, and scales out when deployed on cloud or container orchestration platforms. Users should draw on the plugin ecosystem to tailor workflows to their environment and keep plugins current. The core ships with extensive tests and type annotations, but plugins are maintained in a separate repository, so check each plugin's compatibility before upgrading the framework.
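The scan loop described above, as an added example that is not stoQ's own code or API: worker plugins run concurrently on a payload, a decoder-style worker returns the decoded bytes as an extracted child payload, and children are scanned again breadth-first until a depth cap is reached. The plugin names, the dispatch rule, the report layout and the sample input are constructed for this example; stoQ itself selects workers through dispatcher plugins and its stoq.cfg settings, and the depth cap here plays the role of its max_recursion option.

```python
import asyncio
import base64
import binascii
import hashlib
import re
from dataclasses import dataclass, field
from typing import Awaitable, Callable, Dict, List

MAX_RECURSION = 3  # cap on extraction depth; stoQ exposes a similar max_recursion option


@dataclass
class Payload:
    content: bytes
    source: str = "user"   # which worker produced this payload
    depth: int = 0         # extraction steps away from the original input


@dataclass
class WorkerResponse:
    results: Dict[str, object] = field(default_factory=dict)
    extracted: List[Payload] = field(default_factory=list)  # child payloads to rescan
    errors: List[str] = field(default_factory=list)


Worker = Callable[[Payload], Awaitable[WorkerResponse]]


async def hash_worker(payload: Payload) -> WorkerResponse:
    """Worker that records size and SHA-256 of whatever it is handed."""
    digest = hashlib.sha256(payload.content).hexdigest()
    return WorkerResponse(results={"sha256": digest, "size": len(payload.content)})


_B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def looks_like_base64(data: bytes) -> bool:
    """Cheap dispatch heuristic (constructed): alphabet check plus length multiple of 4."""
    data = data.strip()
    return len(data) % 4 == 0 and bool(_B64_RE.match(data))


async def base64_worker(payload: Payload) -> WorkerResponse:
    """Decoder-style worker: decodes base64 and emits the result as a child payload."""
    try:
        decoded = base64.b64decode(payload.content.strip(), validate=True)
    except binascii.Error as exc:
        return WorkerResponse(errors=[f"base64: {exc}"])
    child = Payload(decoded, source="base64_worker", depth=payload.depth + 1)
    return WorkerResponse(results={"decoded_size": len(decoded)}, extracted=[child])


WORKERS: Dict[str, Worker] = {"hash": hash_worker, "base64": base64_worker}


def dispatch(payload: Payload) -> List[str]:
    """Dispatch rule (constructed): always hash; only try the decoder on base64-looking bytes."""
    names = ["hash"]
    if looks_like_base64(payload.content):
        names.append("base64")
    return names


async def _run_workers(payload: Payload):
    """Run every dispatched worker for one payload concurrently; return (entry, children)."""
    names = dispatch(payload)
    responses = await asyncio.gather(*(WORKERS[n](payload) for n in names))
    entry = {"depth": payload.depth, "source": payload.source, "workers": {}, "dropped": []}
    children: List[Payload] = []
    for name, resp in zip(names, responses):
        entry["workers"][name] = {"results": resp.results, "errors": resp.errors}
        children.extend(resp.extracted)
    return entry, children


async def scan(payload: Payload, max_recursion: int = MAX_RECURSION) -> List[dict]:
    """Scan a payload and everything extracted from it, breadth-first, with a depth cap."""
    report: List[dict] = []
    batch = [payload]
    while batch:
        outcomes = await asyncio.gather(*(_run_workers(p) for p in batch))
        batch = []
        for entry, children in outcomes:
            for child in children:
                if child.depth > max_recursion:
                    # Record, rather than silently lose, payloads cut off by the depth cap.
                    entry["dropped"].append({"source": child.source, "depth": child.depth})
                else:
                    batch.append(child)
            report.append(entry)
    return report


def scan_bytes(data: bytes, max_recursion: int = MAX_RECURSION) -> List[dict]:
    """Synchronous entry point for scripts and tests."""
    return asyncio.run(scan(Payload(data), max_recursion))


if __name__ == "__main__":
    # Constructed sample input: the string "hello" base64-encoded twice.
    for entry in scan_bytes(b"YUdWc2JHOD0="):
        print(entry["depth"], entry["source"], entry["workers"], entry["dropped"])
```

With the sample input the report has three entries (depths 0, 1 and 2): the outer and middle layers are hashed and decoded, the innermost "hello" is only hashed because it no longer looks like base64. Passing max_recursion=0 stops after the first layer and lists the dropped child, which is the behaviour to look for when a real pipeline starts swallowing deeply nested archives.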
Visit the official documentation at https://stoq-framework.readthedocs.io/
Follow the installation guide at https://stoq-framework.readthedocs.io/en/latest/installation.html
Install via PyPI using pip: pip install stoq-framework
Optionally, pull the Docker image from Docker Hub: docker pull punchcyber/stoq
Explore and install plugins from the public repository https://github.com/PUNCH-Cyber/stoq-plugins-public
stoq --help
Displays help information and available commands for stoQ.
stoq scan <file>
Scans a file with the worker plugins selected on the command line or in stoq.cfg and hands the results to the chosen connector plugins; scanning many files from a directory or a queue is done through a provider plugin rather than a directory argument.
Decoding is not a separate subcommand: decoders are worker plugins (for example a base64 decoder) that run inside stoq scan, and the payloads they extract are dispatched back through the scan loop.
stoq list
Lists the plugins installed in the current stoQ environment.