You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Product type Paperback

Published in Jul 2023

Publisher Packt

ISBN-13 9781803242910

Length 338 pages

Edition 1st Edition

Tools

Microsoft Sentinel

Concepts

Cybersecurity

Author (1):

Benjamin Kovacevic

View More author details

Table of Contents (14) Chapters

Preface

1. Part 1: Intro to SOAR and Its Elements

2. Chapter 1: The Current State of Cybersecurity and the Role of SOAR FREE CHAPTER

3. Chapter 2: A Deep Dive into Incident Management and Investigation

4. Chapter 3: A Deep Dive into Automation and Reporting

5. Part 2: SOAR Tools and Automation Hands-On Examples

6. Chapter 4: Quick Dig into SOAR Tools

7. Chapter 5: Introducing Microsoft Sentinel Automation

8. Chapter 6: Enriching Incidents Using Automation

9. Chapter 7: Managing Incidents with Automation

10. Chapter 8: Responding to Incidents Using Automation

11. Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks

12. Index

Why subscribe?

13. Other Books You May Enjoy

A Deep Dive into Automation and Reporting

The last chapter covered two SOAR elements – incident management and investigation. This chapter will continue to drill down into SOAR elements and focus on automation and reporting. With more and more incidents to investigate, SOC analysts are often under pressure to ensure that the MTTA and MTTR meet the organization’s policies. If we also consider that many incidents are similar and that a SOC analyst needs to perform the same actions repeatedly, it reveals why automation is such an important aspect of SOC and why it is a SOC analyst’s best friend.

After looking at automation, we will jump into reporting, including how it can help organizations perform analysis, and how we can utilize it to hunt through data. We will then wrap up this chapter by focusing on Threat Intelligence (TI) and Threat and Vulnerability Management (TVM) and how they can enrich a SOC’s investigation with invaluable data.

In a nutshell...

The rest of the chapter is locked

You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Table of Contents (14) Chapters

A Deep Dive into Automation and Reporting

Authors (1)

Personalised recommendations for you

You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Table of Contents (14) Chapters

A Deep Dive into Automation and Reporting

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you