3

A Deep Dive into Automation and Reporting

The last chapter covered two SOAR elements – incident management and investigation. This chapter continues to drill down into SOAR elements, focusing on automation and reporting. With more and more incidents to investigate, SOC analysts are under constant pressure to keep the mean time to acknowledge (MTTA) and mean time to resolve (MTTR) within the limits set by the organization's policies. Add to this that many incidents are near-duplicates of one another, so an analyst ends up performing the same enrichment, triage and containment actions again and again, and it becomes clear why automation is such an important aspect of a SOC and why it is a SOC analyst's best friend.

After looking at automation, we will move on to reporting, including how it helps organizations analyze their incident data and how it can be used to hunt ...

Get Security Orchestration, Automation, and Response for Security Analysts now with the O’Reilly learning platform.
