The latest News and Information on Security Orchestration, Automation and Response.

Securing DoD Systems - A Look at SOAR

It would be hard to overstate the critical importance of security orchestration, automation and response (SOAR) capabilities for the effective mission success of security operations centers (SOCs). Without a solid SOAR capability in place, an SOC will be easily overwhelmed with routine and repetitive tasks that in and of themselves could become a vulnerability.

Splunk SOAR Playbooks: TruSTAR Indicator Enrichment

SOAR use cases come in all shapes and sizes, but almost all of them rely on threat intelligence to determine the risk posed by the various indicators in the event. Our two new community playbooks leverage Splunk Intelligence Management (previously TruSTAR) to gather intelligence about indicators and enable rapid manual response by an analyst within a single prompt.

Sponsored Post

To Reinvent SOAR, Automation Is only a Feature

Security, by its very nature, is one of the most innovative fields on the planet. Every technological advancement carries with it a handful or more of new attack vectors, which in turn lead to a dizzying amount of security innovation as our industry works to mitigate risk and defend against threats. But for all this innovation, there are a few ways in which security lags far behind.

How Cloud SOAR helps teams boost security during cloud migration

Cloud computing is exploding, and with the shift to the cloud accelerated by the COVID-19 crisis, more and more companies are bidding farewell to their on-premises solutions and welcoming the new age of the cloud. Read on to find out how Sumo Logic Cloud SOAR can help your organization strengthen its security posture amid a globally accelerated cloud adoption.

Splunk Wins Third Ever NAVWAR Enterprise Artificial Intelligence Prize Challenge for Exceptional SOAR Capabilities

Naval Information Warfare Systems Command (NAVWAR) enterprise recently announced that Splunk is the winner of its third prize challenge in the Artificial Intelligence Applications to Autonomous Cybersecurity (AI ATAC) Challenge series.

Splunk SOAR Feature Overview: Visual Playbook Editor + Input Playbooks

Splunk SOAR’s new, modern visual playbook editor makes it easier than ever to create, edit, implement and scale automated playbooks to help your team eliminate security analyst grunt work, and respond to security incidents at machine speed. Now, anyone can automate, allowing your team to achieve faster time to value from your SOAR tool. In this demo, we'll show you how to build an "input playbook". Input playbooks are used to automate simple IT and security tasks, and can then be leveraged as part of larger, more complex playbooks for a more modular approach to automation. For a more in-depth look at the new visual playbook editor and input playbooks, watch this video.

Splunk SOAR Playbook - Malware Triage with CrowdStrike and Splunk Phantom

Tune into the Tech Talk to learn about the combination of CrowdStrike and Splunk Phantom that allows for a smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds.