SOAR Playbooks

Fri, Nov 24, 2023 · 3 min read
This is Week 9 at CodePath's Intermediate Cybersecurity course!
SOAR stands for Security Orchestration, Automation and Response.

It is a technology solution that aims to streamline and automate the security operations process by integrating various security tools and processes (e.g., SIEM, threat intelligence feeds, ticketing) into a single platform.

A SOAR platform can automatically collect and analyze security alerts from multiple sources, correlate events to identify potential threats, and initiate a response based on pre-defined playbooks.

→ Help organizations respond more quickly and effectively.
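As an added illustration (not code from the course or from any real SOAR product), here is a minimal Python sketch of that flow: alerts from a constructed SIEM feed are correlated against a constructed threat-intelligence lookup, and a pre-defined playbook runs its response steps in order. The `Playbook` class, `run_playbooks`, the step functions and all sample data are invented for this example.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample input: alerts from the SIEM and an indicator feed from threat intel.
SIEM_ALERTS = [
    {"rule": "brute_force", "src_ip": "203.0.113.7", "user": "alice", "count": 42},
    {"rule": "brute_force", "src_ip": "198.51.100.9", "user": "bob", "count": 3},
    {"rule": "brute_force", "src_ip": "192.0.2.55", "user": "carol", "count": 15},
]
THREAT_INTEL = {"203.0.113.7": "known-scanner"}  # constructed indicator -> tag

@dataclass
class Playbook:
    name: str
    trigger: Callable[[dict], bool]                    # when does this playbook fire?
    steps: list                                         # ordered response steps

def enrich_with_ti(ctx, actions):
    """Correlate the SIEM alert with the threat-intel feed."""
    ctx["ti_tag"] = THREAT_INTEL.get(ctx["src_ip"])
    actions.append(f"enrich:{ctx['src_ip']}:{ctx['ti_tag'] or 'unknown'}")

def open_ticket(ctx, actions):
    """Record the incident for the SOC (stands in for a ticketing integration)."""
    actions.append(f"ticket:{ctx['rule']}:{ctx['user']}")

def contain_or_escalate(ctx, actions):
    """Only auto-contain when the correlated intel confirms the source is hostile;
    otherwise hand it to an analyst rather than blocking blindly."""
    if ctx["ti_tag"]:
        actions.append(f"block:{ctx['src_ip']}")
    else:
        actions.append(f"analyst_review:{ctx['src_ip']}")

BRUTE_FORCE_PLAYBOOK = Playbook(
    name="brute-force-response",
    trigger=lambda a: a["rule"] == "brute_force" and a["count"] >= 10,
    steps=[enrich_with_ti, open_ticket, contain_or_escalate],
)

def run_playbooks(alerts, playbooks):
    """Orchestration loop: for every alert, run each playbook whose trigger matches."""
    results = []
    for alert in alerts:
        for pb in playbooks:
            if pb.trigger(alert):
                ctx, actions = dict(alert), []      # working copy so steps can annotate it
                for step in pb.steps:
                    step(ctx, actions)
                results.append({"playbook": pb.name, "src_ip": alert["src_ip"], "actions": actions})
    return results
```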

SOAR platforms typically provide a range of pre-built playbooks that can be customized to meet an organization’s specific security needs. These playbooks are based on industry-standard frameworks and best practices, including:

  • COPS: provides a standardized way for SOAR platforms to communicate with different systems and devices, so that security policies are consistently enforced across an organization’s IT infrastructure.
  • OASIS CACAO: defines a set of reusable and shareable artifacts, including use case templates, workflows, and playbooks.
  • RE&ACT: provides a standardized way for SOAR platforms to exchange information and automate security operations. By using a common language and framework, RE&ACT aims to improve the ability of organizations to protect their assets and data.