You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Product type Paperback

Published in Jul 2023

Publisher Packt

ISBN-13 9781803242910

Length 338 pages

Edition 1st Edition

Tools

Microsoft Sentinel

Concepts

Cybersecurity

Author (1):

Benjamin Kovacevic

View More author details

Table of Contents (14) Chapters

Preface

1. Part 1: Intro to SOAR and Its Elements

2. Chapter 1: The Current State of Cybersecurity and the Role of SOAR FREE CHAPTER

3. Chapter 2: A Deep Dive into Incident Management and Investigation

4. Chapter 3: A Deep Dive into Automation and Reporting

5. Part 2: SOAR Tools and Automation Hands-On Examples

6. Chapter 4: Quick Dig into SOAR Tools

7. Chapter 5: Introducing Microsoft Sentinel Automation

8. Chapter 6: Enriching Incidents Using Automation

9. Chapter 7: Managing Incidents with Automation

10. Chapter 8: Responding to Incidents Using Automation

11. Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks

12. Index

Why subscribe?

13. Other Books You May Enjoy

An in-depth view of automation

One thing that we’ve mentioned a few times already, and that will be mentioned a few more times, is that one of the most critical SOAR tasks is minimizing the MTTA and MTTR. There is no better way to do so than by utilizing automation.

Automation is commonly implemented using playbooks. A playbook contains a list of actions that will be performed once it runs. An action can be, for example, getting more details about an incident, getting more information about specific data from external services, or sending a notification to a service.

Let’s look at the example of an incident investigation with no automation. Once an incident is detected, an analyst has to perform an initial triage to see whether the incident is a true or false positive. Commonly, that will be performed by looking at the entities (IP, account, host, URL, and so on) and activities associated with the incident. For example, say a user is signing in from an unfamiliar...

The rest of the chapter is locked

You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Table of Contents (14) Chapters

An in-depth view of automation

Authors (1)

Personalised recommendations for you

You're reading from Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Table of Contents (14) Chapters

An in-depth view of automation

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you