SOAR (Security Orchestration, Automation and Response)
SOAR is a tool that automates the many tasks that arise during security incident response. Following a predefined workflow called a "playbook", it coordinates multiple security devices and external threat intelligence sources, investigates suspicious files in more depth based on the content of an alert, looks up suspicious IP addresses and URLs, and takes response actions such as blocking access to them.
Until now, security staff have received alerts from EDR, XDR, SIEM and similar products and processed them manually. With security personnel in short supply, the burden on those responsible keeps growing. SOAR reduces that burden: it carries out the response without mistakes when a prompt reaction is required, records when and how each response was made, and retains the information needed for reports and for the notifications to authorities that laws and regulations require.
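To make the playbook idea concrete, the following is an added example (not Macnica's or any vendor's code) of a minimal playbook runner in Python. It receives an alert, enriches the observed indicators against a threat-intelligence lookup, blocks indicators judged malicious, escalates anything it cannot decide, and writes a timestamped audit trail for later reporting. The alert structure, the `THREAT_INTEL` table, and the `Blocklist` class are all constructed stand-ins for a real EDR/SIEM feed, an external intelligence service, and a firewall or proxy API.

```python
"""Minimal SOAR-style playbook runner (added example, not code from any SOAR product)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed threat intelligence: indicator -> verdict. A real playbook would query an
# external feed; this table stands in for that call so the example runs offline.
THREAT_INTEL = {
    "198.51.100.23": "malicious",                 # TEST-NET-2 address, constructed
    "http://example.invalid/dropper": "malicious",  # constructed URL
    "203.0.113.7": "benign",                       # TEST-NET-3 address, constructed
}


@dataclass
class Alert:
    alert_id: str
    source: str        # originating product, e.g. "EDR" or "SIEM"
    host: str
    indicators: list   # IP addresses / URLs observed in the alert


@dataclass
class PlaybookResult:
    alert_id: str
    verdict: str
    actions: list = field(default_factory=list)     # what the playbook did
    audit_log: list = field(default_factory=list)   # when and how it did it


class Blocklist:
    """Hypothetical stand-in for a firewall / proxy API that accepts block requests."""

    def __init__(self):
        self.entries = set()

    def block(self, indicator):
        self.entries.add(indicator)
        return True


def lookup_intel(indicator):
    """Enrichment step: ask the (constructed) intelligence source about one indicator."""
    return THREAT_INTEL.get(indicator, "unknown")


def run_playbook(alert, blocklist, now=None):
    """Enrich the alert, decide a verdict, block malicious indicators, and record
    every step with a timestamp so the response can be reported afterwards."""
    now = now or datetime.now(timezone.utc)
    result = PlaybookResult(alert_id=alert.alert_id, verdict="benign")

    def record(step, detail):
        result.audit_log.append({"time": now.isoformat(), "step": step, "detail": detail})

    record("received", f"{alert.source} alert on {alert.host}")
    verdicts = {ind: lookup_intel(ind) for ind in alert.indicators}
    record("enriched", verdicts)

    malicious = [ind for ind, v in verdicts.items() if v == "malicious"]
    unknown = [ind for ind, v in verdicts.items() if v == "unknown"]

    if malicious:
        result.verdict = "malicious"
        for ind in malicious:
            if blocklist.block(ind):
                result.actions.append(f"block:{ind}")
                record("blocked", ind)
        # Host isolation is left to a human decision: the playbook queues it for
        # analyst approval rather than isolating automatically.
        result.actions.append(f"escalate:{alert.host}")
        record("escalated", "host isolation queued for analyst approval")
    elif unknown:
        # Indicators the intelligence source does not know are not silently closed.
        result.verdict = "needs_review"
        record("escalated", f"unknown indicators: {unknown}")
    else:
        record("closed", "all indicators benign")
    return result


if __name__ == "__main__":
    blk = Blocklist()
    alert = Alert("A-1", "EDR", "ws-01", ["198.51.100.23", "203.0.113.7"])
    outcome = run_playbook(alert, blk)
    print(outcome.verdict, outcome.actions)
    for entry in outcome.audit_log:
        print(entry)
```

The audit log is appended at every step, including the enrichment result, because the retained record of when and how a response was made is what later reports and regulatory notifications are built from. Only indicators with an explicit malicious verdict are blocked; unknown ones are escalated for review rather than acted on, and host isolation is queued for a human rather than executed automatically.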
Related Links
CrowdStrike page (https://www.macnica.co.jp/business/security/manufacturers/crowdstrike/)
Splunk page (https://www.macnica.co.jp/business/security/manufacturers/splunk/)
Trellix page (https://www.macnica.co.jp/business/security/manufacturers/trellix/)
Exabeam page (https://www.macnica.co.jp/business/security/manufacturers/exabeam/)