Security Orchestration, Automation and Response
SOAR refers to technologies that let an organization collect the inputs monitored by its security operations team, such as alerts from the SIEM and other security tools, and perform incident analysis and triage with a combination of human and machine effort, so that standardized incident response activities can be defined, prioritized and driven.
SOAR technologies enable clients to effectively monitor, understand and react to security incidents in a digital workflow format from one place.
SOAR tools are designed to integrate into large-scale networks. Thanks to their versatile properties, SOAR systems can be integrated into any client's network.
What is the difference between automation and orchestration?
Security automation makes cybersecurity operations more effective.
Orchestration connects all the cybersecurity tools into one system.
Splunk Phantom Security Orchestration & Automation
Splunk Phantom works on the basis of so-called "playbooks". Each playbook is a matrix of actions for any asset, in the form of a block diagram. The main function of a playbook is to properly identify events in the automated investigation process.
Splunk Phantom combines orchestration of the cybersecurity infrastructure, automation of incident management,
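The two ideas above, orchestration as the wiring of separate tools into one system and a playbook as a block diagram of actions that runs automatically against an event, can be made concrete with a small engine. The following is an added illustration written for this page; it is not Splunk Phantom's playbook API or any vendor's code. It assumes a playbook is a directed acyclic graph of action blocks, that each block receives the event container plus the results of the blocks it depends on, and that the tool integrations (a SIEM feed, a threat-intelligence lookup, a ticketing step) are in-process stand-ins. The alerts, the bad-IP list and the brute-force threshold are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

# Constructed sample alerts in the shape a SIEM might forward (illustrative, not real data).
SAMPLE_ALERTS = [
    {"id": "A-1", "src_ip": "203.0.113.7", "user": "alice", "failed_logins": 42},
    {"id": "A-2", "src_ip": "198.51.100.9", "user": "bob", "failed_logins": 3},
    {"id": "A-3", "src_ip": "192.0.2.55", "user": "svc-backup", "failed_logins": 120},
]

# Stand-in for a threat-intelligence integration (assumed; a real playbook would call a TI app).
KNOWN_BAD_IPS = {"203.0.113.7"}
BRUTE_FORCE_THRESHOLD = 20  # assumed tuning value for this illustration


@dataclass
class Block:
    """One action in the playbook's block diagram."""
    name: str
    action: Callable[[dict, Dict[str, Any]], Any]  # (event container, earlier results) -> result
    depends_on: List[str] = field(default_factory=list)  # edges from upstream blocks


class Playbook:
    """A directed graph of blocks: orchestration wires tools together, automation runs them."""

    def __init__(self, blocks: List[Block]) -> None:
        self.blocks = {b.name: b for b in blocks}
        for b in blocks:
            for dep in b.depends_on:
                if dep not in self.blocks:
                    raise ValueError(f"{b.name} depends on unknown block {dep}")

    def execution_order(self) -> List[str]:
        """Kahn's algorithm: a block runs only after every block it depends on."""
        indegree = {n: len(b.depends_on) for n, b in self.blocks.items()}
        ready = sorted(n for n, d in indegree.items() if d == 0)
        order: List[str] = []
        while ready:
            name = ready.pop(0)
            order.append(name)
            for other in self.blocks.values():
                if name in other.depends_on:
                    indegree[other.name] -= 1
                    if indegree[other.name] == 0:
                        ready.append(other.name)
        if len(order) != len(self.blocks):
            raise ValueError("playbook has a cycle")  # a block diagram must be acyclic
        return order

    def run(self, container: dict) -> Dict[str, Any]:
        """Execute every block in dependency order and collect its result by name."""
        results: Dict[str, Any] = {}
        for name in self.execution_order():
            results[name] = self.blocks[name].action(container, results)
        return results


# --- Action blocks (each would be a tool integration in a real SOAR deployment) ---
def ip_reputation(container: dict, results: Dict[str, Any]) -> bool:
    return container["src_ip"] in KNOWN_BAD_IPS


def brute_force_check(container: dict, results: Dict[str, Any]) -> bool:
    return container["failed_logins"] >= BRUTE_FORCE_THRESHOLD


def decide_severity(container: dict, results: Dict[str, Any]) -> str:
    malicious, brute = results["ip_reputation"], results["brute_force_check"]
    if malicious and brute:
        return "high"
    if malicious or brute:
        return "medium"
    return "low"


def respond(container: dict, results: Dict[str, Any]) -> List[str]:
    """Map severity to the response steps an analyst would otherwise run by hand."""
    return {"high": ["block_ip", "open_ticket"],
            "medium": ["open_ticket"],
            "low": ["close"]}[results["decide_severity"]]


TRIAGE_PLAYBOOK = Playbook([
    Block("ip_reputation", ip_reputation),
    Block("brute_force_check", brute_force_check),
    Block("decide_severity", decide_severity, ["ip_reputation", "brute_force_check"]),
    Block("respond", respond, ["decide_severity"]),
])


def triage(alerts: List[dict]) -> Dict[str, dict]:
    """Run the playbook over each alert; returns severity and actions keyed by alert id."""
    out: Dict[str, dict] = {}
    for alert in alerts:
        r = TRIAGE_PLAYBOOK.run(alert)
        out[alert["id"]] = {"severity": r["decide_severity"], "actions": r["respond"]}
    return out


if __name__ == "__main__":
    for alert_id, verdict in triage(SAMPLE_ALERTS).items():
        print(alert_id, verdict)
```

The split between `Playbook` and the action functions mirrors the distinction the page draws: the graph and its ordering are the orchestration layer, while each block's body is the automated step. A dependency check at construction time and the cycle check in `execution_order` catch the two mistakes most likely to stall an automated investigation silently.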
Splunk Phantom executes within seconds, not minutes or hours.