4. Quick Dig into SOAR Tools

The previous chapters introduced SOAR as a tool and discussed how it can help in day-to-day SOC operations. It can start with case management, helping to orchestrate incident assignments. It can then automate the everyday tasks for which SOC analysts would otherwise juggle many tools and windows, enrich an incident with additional data, or even respond to the incident. Finally, it can assist with reporting, supporting better analysis and incident response planning in the future.

In this chapter, we will focus on a few popular SOAR tools and understand how they are combined with SIEM tools. We will also dive deep into their main functionalities and learn how they can be used for incident management, investigation, automation, reporting, TI/TVM, and administration ...

Get Security Orchestration, Automation, and Response for Security Analysts now with the O’Reilly learning platform.
