You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Product type Paperback

Published in Jul 2023

Publisher Packt

ISBN-13 9781803242910

Length 338 pages

Edition 1st Edition

Tools

Microsoft Sentinel

Concepts

Cybersecurity

Author (1):

Benjamin Kovacevic

View More author details

Table of Contents (14) Chapters

Preface

1. Part 1: Intro to SOAR and Its Elements

2. Chapter 1: The Current State of Cybersecurity and the Role of SOAR FREE CHAPTER

3. Chapter 2: A Deep Dive into Incident Management and Investigation

4. Chapter 3: A Deep Dive into Automation and Reporting

5. Part 2: SOAR Tools and Automation Hands-On Examples

6. Chapter 4: Quick Dig into SOAR Tools

7. Chapter 5: Introducing Microsoft Sentinel Automation

8. Chapter 6: Enriching Incidents Using Automation

9. Chapter 7: Managing Incidents with Automation

10. Chapter 8: Responding to Incidents Using Automation

11. Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks

12. Index

Why subscribe?

13. Other Books You May Enjoy

Automating responses to incidents

In organizations, we have multiple teams handling different segments of IT. We have networking departments, system administration, device management teams, and so on. Traditionally, when we have an incident and the SOC needs to isolate a machine or block an IP in the firewall, they would need to raise a ticket in ITSM or send an email request. The department in question then picks this up and acts on it. However, this takes time. An analyst needs to log in to ITSM, open a new ticket, enter all data and a justification in detail, and submit it. Then, the appropriate department needs to verify and act on it, which means they will need to copy the IP or host details, go to the appropriate system, and update it. This adds many unnecessary steps.

With automation, this process can be more efficient. After SOC analysts do their investigation and realize that they need to isolate a machine or block an IP address, they can run a playbook that will perform...

The rest of the chapter is locked

You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Table of Contents (14) Chapters

Automating responses to incidents

Authors (1)

Personalised recommendations for you

You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Table of Contents (14) Chapters

Automating responses to incidents

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you