Automatic and scheduled investigations
Automation has gained traction in security solutions over the last 2-3 years, and a Security Orchestration, Automation, and Response (SOAR) solution is a prime example of this.
See https://blog.logsign.com/security-orchestration-automation-and-response-soar-description-and-functional-components-part-1/ for a useful commentary on SOAR.
Automation is a necessity for an organization's cybersecurity because it lets the internal security team focus its full attention on serious and important events or incidents. A SOAR solution has a set of standard uses, such as incident analysis, threat hunting, incident assignment, phishing attacks, incident investigations, and so on. IR playbooks guarantee that the objectives of these uses are met. An IR playbook can be defined as a set of rules that are triggered by one or more security events; when a rule is triggered, a pre-defined action is executed with input data. We considered...
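The playbook definition above, as an added example that is not part of the original text: a small Python engine in which a playbook fires only when all of its required event types are seen for the same entity within a time window, then runs its action with the collected events as input. The playbook names, event fields, window values and the respond() action factory are hypothetical, and the sample events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Playbook:
    name: str
    required: frozenset      # event types that must ALL be observed
    key_field: str           # field used to correlate events (user, host, ...)
    window_s: int            # correlation window in seconds
    action: Callable[[dict], dict]

# Hypothetical action factory: a stand-in for mail-gateway, IdP or ticketing calls.
def respond(step):
    return lambda d: {"do": step, "target": d["key"],
                      "evidence": [e["type"] for e in d["events"]]}

PLAYBOOKS = [
    Playbook("phishing-then-login", frozenset({"phishing_reported", "suspicious_login"}),
             "user", 900, respond("quarantine_mail+reset_password")),
    Playbook("malware-on-host", frozenset({"malware_detected"}),
             "host", 0, respond("open_ticket")),
]

def run(events, playbooks=PLAYBOOKS):
    """Process events in time order; return the output of every action run."""
    pending = defaultdict(list)   # (playbook, entity) -> events still in window
    executed = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        for pb in playbooks:
            if ev["type"] not in pb.required or pb.key_field not in ev:
                continue
            slot = pending[(pb.name, ev[pb.key_field])]
            slot.append(ev)
            # Expire events older than the window so stale alerts never combine.
            slot[:] = [e for e in slot if ev["ts"] - e["ts"] <= pb.window_s]
            if pb.required <= {e["type"] for e in slot}:
                executed.append(pb.action({"key": ev[pb.key_field],
                                           "events": list(slot)}))
                slot.clear()      # one trigger per matching set of events
    return executed

SAMPLE_EVENTS = [  # constructed sample events, not from a real log source
    {"ts": 0, "type": "phishing_reported", "user": "alice"},
    {"ts": 10, "type": "phishing_reported", "user": "bob"},
    {"ts": 60, "type": "malware_detected", "host": "ws-17"},
    {"ts": 120, "type": "suspicious_login", "user": "alice"},
    {"ts": 5000, "type": "suspicious_login", "user": "bob"},
]
```

Calling run(SAMPLE_EVENTS) executes two actions: a ticket for ws-17 and account containment for alice. The two events for bob fall outside the 900-second window, so that playbook does not fire for him.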