This is Week 9 at CodePath's Intermediate Cybersecurity course!
SOAR
SOAR stands for Security Orchestration, Automation and Response.
It is a technology solution that aims to streamline and automate the security operations process by integrating various security tools and processes (e.g. SIEM, threat intelligence, etc.) into a single platform.
A SOAR platform can automatically collect and analyze security alerts from multiple sources, correlate events to identify potential threats, and initiate a response based on pre-defined playbooks.
→ Help organizations respond more quickly and effectively.
SOAR Playbooks
SOAR platforms typically provide a range of pre-built playbooks that can be customized to meet an organization’s specific security needs. These playbooks are based on industry-standard frameworks and best practices. These include:
- COPS — provides a standardized way for SOAR platforms to communicate with different systems & devices to ensure that security policies are consistently enforced across an organization’s IT infrastructure.
- OASIS CACAO — defines a set of reusable & shareable artifacts, including use case templates, workflows, & playbooks.
- RE&ACT — provides a standardized way for SOAR platforms to exchange info & automate security operations. By using a common language and framework, RE&ACT aims to improve the ability of organizations to protect their assets & data.
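As an added illustration of the collect, correlate and respond flow and of the playbook idea described above (example code, not from the course or from any SOAR product; the alert data, playbook name and step functions are all constructed), a minimal playbook engine in Python:

```python
from dataclasses import dataclass, field
# Constructed sample alerts in the shape a SIEM and a threat-intel feed might emit (hypothetical data).
SAMPLE_ALERTS = [
    {"source": "siem", "type": "failed_login", "host": "ws-17", "ip": "203.0.113.9"},
    {"source": "siem", "type": "failed_login", "host": "ws-17", "ip": "203.0.113.9"},
    {"source": "threat_intel", "type": "ioc_match", "host": "ws-17", "ip": "203.0.113.9"},
    {"source": "siem", "type": "failed_login", "host": "ws-04", "ip": "198.51.100.3"},
]

@dataclass
class Incident:
    ip: str
    hosts: set = field(default_factory=set)
    sources: set = field(default_factory=set)
    count: int = 0
    actions: list = field(default_factory=list)

def correlate(alerts):
    # Group alerts by offending IP so one incident stands for many raw events.
    incidents = {}
    for a in alerts:
        inc = incidents.setdefault(a["ip"], Incident(ip=a["ip"]))
        inc.hosts.add(a["host"])
        inc.sources.add(a["source"])
        inc.count += 1
    return incidents

# Playbook steps are plain functions; a real platform would call firewall, EDR and ticketing APIs here.
def block_ip(inc):
    inc.actions.append(f"block:{inc.ip}")

def isolate_hosts(inc):
    inc.actions.extend(f"isolate:{h}" for h in sorted(inc.hosts))

def notify_soc(inc):
    inc.actions.append("notify:soc")

# Pre-defined playbook: fire only when repeated SIEM events on one IP are corroborated by a threat-intel hit.
PLAYBOOK = {
    "name": "brute_force_with_ioc",
    "condition": lambda inc: inc.count >= 2 and "threat_intel" in inc.sources,
    "steps": [block_ip, isolate_hosts, notify_soc],
}

def run_playbook(alerts, playbook=PLAYBOOK):
    incidents = correlate(alerts)
    for inc in incidents.values():
        if playbook["condition"](inc):
            for step in playbook["steps"]:
                step(inc)
    return incidents
```

Only the IP seen by both the SIEM and the threat-intel feed triggers the response steps; the single failed login from the other IP is correlated but left for an analyst.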