Splunk SOAR Playbooks: Cisco Umbrella DNS Denylisting
The Cisco Umbrella DNS Denylisting playbook is an input playbook that accepts a domain or list of domains as an input and then allows you to block the given domain(s) in Cisco Umbrella.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
SOAR
The latest News and Information on Security Orchestration, Automation and Response.
Short Staffed? Try Using SOAR to Augment Your Security Team
The tech world is grappling with an imbalance between skilled technical talent availability and demand, with far-reaching impacts. Combined with tightened budgets, staff shortages can leave your organization vulnerable to hacking and cyberattacks. Let’s look at just two of the industries being affected: higher education and state and local governments.
Sponsored Post
A Look into Modern Security Orchestration
Have you ever thought there could be a smarter way to handle your organization's app security? In this blog post we're going to provide an overview of modern Security Orchestration, show how it fits perfectly with DevSecOps and how to make sure that security is part of your software development lifecycle right from the start.
Introducing Our New SOAR Integrations: Why Panorama and FortiManager Users Should Be Excited
Hello there, cybersecurity aficionados! We're thrilled to unveil our latest and greatest Splunk SOAR apps, tailored for the giants of the firewall space: Panorama and FortiManager. These sophisticated apps help us deliver the most compelling automation for our community, no matter the tools they have deployed. Much like our playbooks packs from earlier this year, these integrations are another great way for users to align their incident response approach to MITRE D3FEND.
Reduce Operational Complexity with Splunk SOAR Logic Loops
Last week, we released Splunk SOAR 6.2 (Security Orchestration Automation and Response) and in the accompanying announcement blog, we highlighted some of the new key features found in this release. Today, we want to take a more in-depth look at one of those features, logic loops, and show how they make it easier than ever for security engineers and analysts to save time and cut down on repetitive manual tasks.
Splunk SOAR Logic Loops Demo
Logic Loops are a feature in Splunk SOAR that allow users to reduce the operational complexity of building and maintaining playbooks that require repeatable looping functionalities without having to write their own custom code. This iterative function allows users to automatically retry playbook actions if they fail, or continue with the rest of the playbook when the action succeeds. This function can be applied to use cases like sandbox engines for malicious URL quarantine and remediation as well as forensic investigation workflows.
SOAR: Security Orchestration, Automation & Response
An important piece of cybersecurity, SOAR solutions provide a single location for you to observe, understand, and decide how to respond to security incidents. Short for security orchestration, automation and response, true SOAR solutions are operational tools that can be very flexible and powerful, useful even beyond security use cases. In this article, we’ll explore what SOAR is, why it’s important for enterprises and how you can get the most value from your SOAR solution.
Tech Talk Webinar - Elastic SIEM + Tines SOAR
Together, Tines and Elastic provide security teams with the information they need to investigate alerts and make business-critical decisions all in one place — saving valuable time and resources. By combining detection and alerting delivered by Elastic Security with Tines’ automation, SOC teams can support continuous monitoring, threat detection and prevention, alert enrichment, incident response and more.
SOARing High for M-21-31
As most folks who work in the US Federal Civilian space are aware, we are now past the August 2023 date to meet Enterprise Logging Level 3 (EL3) in support of the M-21-31 OMB Mandate. As part of the Advanced Requirements in EL3, Logging Orchestration, Automation, & Response enters Finalizing Implementation, meaning agencies should be completing and rolling out automated incident response playbooks.
Splunk SOAR Playbooks - Dynamic Identifier Reputation Analysis (Part 2)
The Dynamic Identifier Reputation Analysis playbook is an essential tool for any security operations center (SOC) team looking for a comprehensive view of their environment’s threat landscape. By leveraging MITRE DEFEND's approach for dynamic identifier reputation analysis, SOC teams can quickly identify potential threats and vulnerabilities and take proactive steps towards mitigating risk before it causes damage.