Chapter 11: Integrating SOAR Capabilities into Incident Response

In the previous chapter, we learned how to implement an incident response (IR) platform and integrate intelligence capabilities into it. In this chapter, we are going to integrate Security Orchestration, Automation, and Response (SOAR) to improve the efficiency of the IR process.

To do this, we are going to use Security Onion, a free and open source platform for security monitoring, IR, and threat hunting, and we are going to add orchestration tools on top of it to improve our investigation capabilities.

In this chapter, you will learn about the following: 

  • Understanding the principles and capabilities of SOAR
  • A SOAR use case – identifying malicious communications
  • Escalating ...

Get Incident Response with Threat Intelligence now with the O’Reilly learning platform.
