SANS ISC: Internet Storm Center

SOAR or not to SOAR?

Published: 2020-02-16
Last Updated: 2020-02-16 17:22:50 UTC
by Guy Bruneau (Version: 1)
3 comment(s)

Security Orchestration, Automation and Response (SOAR) tools let an organization collect data about security threats from multiple sources and automate an appropriate response to repetitive tasks. As an analyst you juggle and pivot several times a day between multiple tools and devices to evaluate a huge amount of information and to deal with a flood of repetitive work: alerts, tickets, email, threat intelligence data, and so on. The end goal is to centralize everything in one location and improve analysis by applying captured, institutionalized knowledge.
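To make that workflow concrete, here is a small triage playbook written in the style of a SOAR runbook. It is an added illustration, not code from this diary or from any SOAR product. Everything in it is constructed for the example: the two alert sources (a SIEM emitting JSON records and a phishing-report mailbox emitting one-line text records), the local threat-intelligence table, the hostnames, indicators and the fixed set of response actions. A real platform would replace each of these with a connector to the actual tool, but the shape of the work is the same: normalize alerts from different sources into one record, deduplicate the repeats, enrich once against threat intel instead of pivoting by hand, then map the enriched record to an action.

```python
"""Minimal SOAR-style triage playbook (added example; all data is constructed)."""
import json
import re
from dataclasses import dataclass, field

# Constructed threat-intel table: indicator -> (confidence 0-100, tag).
THREAT_INTEL = {
    "198.51.100.23": (90, "c2"),
    "203.0.113.7": (40, "scanner"),
    "evil-invoice.example": (85, "phish"),
}


@dataclass
class Alert:
    """Common record that every source is normalized into."""
    source: str
    kind: str
    indicator: str
    host: str
    severity: int = 0          # 0..5 scale used by decide()
    tags: list = field(default_factory=list)


def parse_siem(line: str) -> Alert:
    """Normalize one hypothetical SIEM JSON record into an Alert."""
    rec = json.loads(line)
    return Alert(source="siem", kind=rec["rule"], indicator=rec["dst_ip"],
                 host=rec["host"], severity=int(rec.get("sev", 0)))


PHISH_RE = re.compile(r"^(?P<host>\S+) reported (?P<url>\S+)$")


def parse_phish_report(line: str) -> Alert:
    """Normalize a hypothetical user phishing report: '<host> reported <url>'."""
    m = PHISH_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable report: {line!r}")
    domain = re.sub(r"^https?://", "", m["url"]).split("/")[0]
    return Alert(source="mail", kind="user_phish_report", indicator=domain,
                 host=m["host"], severity=2)


def enrich(alert: Alert) -> Alert:
    """Pivot to threat intel once, automatically, and fold the result into the alert."""
    conf, tag = THREAT_INTEL.get(alert.indicator, (0, None))
    if tag:
        alert.tags.append(f"ti:{tag}")
        alert.severity = max(alert.severity, conf // 20)   # 90 -> 4, 40 -> 2
    return alert


def decide(alert: Alert) -> str:
    """Map an enriched alert to a response action; low-confidence noise is closed."""
    if "ti:c2" in alert.tags and alert.severity >= 4:
        return "isolate_host"
    if "ti:phish" in alert.tags:
        return "block_domain"
    if alert.severity >= 3:
        return "open_ticket"
    return "close_as_noise"


def run_playbook(siem_lines, mail_lines):
    """Ingest, normalize, dedupe, enrich, decide.

    Returns one (host, indicator, action, tags) row per unique (host, indicator)
    pair, in first-seen order; repeats raise the severity and get a 'dup:' tag.
    """
    alerts = [parse_siem(l) for l in siem_lines] + \
             [parse_phish_report(l) for l in mail_lines]
    seen = {}
    for a in alerts:
        key = (a.host, a.indicator)
        if key in seen:
            seen[key].tags.append(f"dup:{a.source}")
            seen[key].severity = max(seen[key].severity, a.severity)
            continue
        seen[key] = a
    return [(a.host, a.indicator, decide(enrich(a)), a.tags) for a in seen.values()]


# Constructed sample input: two identical beacon alerts, one scanner hit, one user report.
SIEM_SAMPLE = [
    '{"rule": "outbound_beacon", "host": "ws-17", "dst_ip": "198.51.100.23", "sev": 3}',
    '{"rule": "outbound_beacon", "host": "ws-17", "dst_ip": "198.51.100.23", "sev": 3}',
    '{"rule": "port_scan", "host": "ws-02", "dst_ip": "203.0.113.7", "sev": 1}',
]
MAIL_SAMPLE = ["ws-09 reported https://evil-invoice.example/login"]

if __name__ == "__main__":
    for row in run_playbook(SIEM_SAMPLE, MAIL_SAMPLE):
        print(row)
```

Running it yields three rows: the duplicated beacon to a known C2 address on ws-17 becomes `isolate_host`, the low-confidence scanner hit on ws-02 is closed as noise, and the user-reported phishing domain becomes `block_domain`. The point of a SOAR playbook is exactly that the enrichment and the decision happen the same way every time; the part that still deserves a human is the set of thresholds in `decide()`, which encode the institutional knowledge the diary talks about.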

If you are already using a SOAR tool, what were the main reasons you bought it, and did it improve your ability to standardize response procedures in a digital workflow format and to standardize best practices?

If you are not using SOAR but are considering implementing it, what are the main qualities you are looking for in such a tool?

-----------
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
