SOAR

From Vacula Wiki
  • Combines different tools (SIEM, EDR, firewall, mail gateway, ticketing) through integrations so analysts work from one console instead of many
  • Combines detection and response: an alert can trigger a response playbook directly
  • Automates repetitive processes in an SOC using playbooks
    • False positive triage: enrich an alert with context, then close it automatically when it is clearly benign
  • May include AI/ML in detection or response, but most playbooks are rule-based
  • Prioritizes alerts and incidents (case management) so analysts handle the most important ones first

Examples

  • Identify suspicious emails (e.g. from user reports or mail gateway alerts)
    • Mark as possible phishing
    • Quarantine existing copies in other mailboxes
    • Block source IP address (caveat: the delivering IP is often a shared relay, so also block the sender address, URL or attachment hash)
  • Perform vulnerability scans (e.g. on a schedule or when a new asset appears)
    • Apply defenses based on severity and exposure: patch, add a firewall rule, or open a ticket
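The two examples above as a minimal playbook runner. This is an added example, not code from the wiki page or from any SOAR product; the mail store, scan findings, indicator weights and the action names are hypothetical stand-ins for the mail-server, firewall and ticketing APIs a real SOAR would call through its integrations.

```python
"""Minimal SOAR-style playbooks: added example, not code from the wiki page.
The data store, indicator weights and actions are hypothetical stand-ins for
the mail server, IP block list and ticketing system a real SOAR would call."""
import hashlib
import re
from dataclasses import dataclass


@dataclass
class Email:
    mailbox: str      # recipient mailbox this copy sits in
    sender_ip: str    # connecting IP of the delivering MTA
    sender: str
    subject: str
    body: str
    quarantined: bool = False

    def fingerprint(self) -> str:
        # Same sender/subject/body means the same campaign mail; used to find other copies
        data = f"{self.sender}|{self.subject}|{self.body}".encode()
        return hashlib.sha256(data).hexdigest()


# Constructed sample mail store (hypothetical): two copies of one lure plus one benign mail
MAILSTORE = [
    Email("alice", "203.0.113.7", "it-desk@example.net", "URGENT: verify your account",
          "Your mailbox will be locked. Verify immediately: http://example.net/secure-login"),
    Email("bob", "203.0.113.7", "it-desk@example.net", "URGENT: verify your account",
          "Your mailbox will be locked. Verify immediately: http://example.net/secure-login"),
    Email("carol", "198.51.100.2", "hr@example.com", "Team lunch on Friday",
          "Please reply with your dietary preferences by Thursday."),
]

# Weighted phishing indicators; weights are illustrative, not a tuned model
SUSPICIOUS_PATTERNS = [
    (re.compile(r"urgent|immediately|will be locked", re.I), 2),
    (re.compile(r"https?://\S*(login|verify|secure)\S*", re.I), 3),
    (re.compile(r"verify your account", re.I), 2),
]
INTERNAL_DOMAIN = "example.com"   # hypothetical: mail from any other domain scores one extra point


def phishing_score(mail: Email) -> int:
    score = 0
    text = f"{mail.subject}\n{mail.body}"
    for pattern, weight in SUSPICIOUS_PATTERNS:
        if pattern.search(text):
            score += weight
    if not mail.sender.lower().endswith("@" + INTERNAL_DOMAIN):
        score += 1
    return score


def phishing_playbook(reported: Email, mailstore: list, threshold: int = 4) -> dict:
    """Mark as possible phishing, quarantine every copy, block the source IP.
    Below the threshold the report is auto-closed as a false positive."""
    result = {"verdict": "false_positive", "score": phishing_score(reported),
              "quarantined": [], "blocked_ips": []}
    if result["score"] < threshold:
        return result
    result["verdict"] = "possible_phishing"
    fp = reported.fingerprint()
    for copy in mailstore:
        if copy.fingerprint() == fp and not copy.quarantined:
            copy.quarantined = True                       # stand-in for a mail-server API call
            result["quarantined"].append(copy.mailbox)
    result["blocked_ips"].append(reported.sender_ip)      # stand-in for a firewall/MTA block
    return result


# Constructed scan findings (hypothetical): host, CVSS score, whether the host is exposed
SCAN_FINDINGS = [
    {"id": "finding-1", "host": "web-01", "cvss": 9.8, "internet_facing": True},
    {"id": "finding-2", "host": "db-02", "cvss": 9.8, "internet_facing": False},
    {"id": "finding-3", "host": "web-01", "cvss": 4.3, "internet_facing": True},
]


def scan_playbook(findings: list) -> dict:
    """Apply a defense per finding: firewall-block critical exposed hosts pending a patch,
    ticket other high/critical findings for patching, defer the rest."""
    actions = {"firewall_block": [], "ticket": [], "defer": []}
    for f in findings:
        if f["cvss"] >= 9.0 and f["internet_facing"]:
            actions["firewall_block"].append(f["host"])
        elif f["cvss"] >= 7.0:
            actions["ticket"].append(f["host"])
        else:
            actions["defer"].append(f["host"])
    return actions


if __name__ == "__main__":
    print(phishing_playbook(MAILSTORE[0], MAILSTORE))
    print(scan_playbook(SCAN_FINDINGS))
```

Running the phishing playbook on alice's report quarantines both copies and blocks 203.0.113.7, while carol's benign mail scores 0 and is closed as a false positive without any action. In a real deployment the destructive steps (quarantine, IP block, firewall rule) should be gated behind an analyst approval step or a confidence threshold, since a playbook that acts on a mis-scored alert is itself a denial-of-service risk.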