EPISODE · May 17, 2025 · 13 MIN
Security Orchestration, Automation, and Response for Security Analysts: Learn the secrets of SOAR to improve MTTA and MTTR
from CyberSecurity Summary · host CyberSecurity Summary
Focuses on SOAR solutions and their role in modern cybersecurity. It emphasizes the need for automated responses to security incidents due to the overwhelming number of alerts and the shortage of skilled cybersecurity personnel, particularly in Security Operations Centers (SOCs). The book details the key components of SOAR, including incident management, investigation, automation, reporting, threat intelligence (TI), and threat and vulnerability management (TVM), explaining how these elements work together to improve efficiency. Specific SOAR tools like Microsoft Sentinel SOAR, Splunk SOAR (Phantom), and Google Chronicle SOAR (Siemplify) are examined, with a particular emphasis placed on practical examples and configurations using Microsoft Sentinel automation rules and playbooks (Logic Apps). The text also covers important considerations like permissions, triggers, actions, and the use of dynamic content and expressions for effective automation, while stressing that automation is a tool to assist, not replace, SOC analysts.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cyber_security_summaryGet the Book now from Amazon:https://www.amazon.com/Security-Orchestration-Automation-Response-Analysts/dp/1803242914?&linkCode=ll1&tag=cvthunderx-20&linkId=c65a462bc2325d65fce69cdf2b87a0bb&language=en_US&ref_=as_li_ss_tlDiscover our free courses in tech and cybersecurity, Start learning today:https://linktr.ee/cybercode_academy
What this episode covers
Focuses on SOAR solutions and their role in modern cybersecurity. It emphasizes the need for automated responses to security incidents due to the overwhelming number of alerts and the shortage of skilled cybersecurity personnel, particularly in Security Operations Centers (SOCs). The book details the key components of SOAR, including incident management, investigation, automation, reporting, threat intelligence (TI), and threat and vulnerability management (TVM), explaining how these elements work together to improve efficiency. Specific SOAR tools like Microsoft Sentinel SOAR, Splunk SOAR (Phantom), and Google Chronicle SOAR (Siemplify) are examined, with a particular emphasis placed on practical examples and configurations using Microsoft Sentinel automation rules and playbooks (Logic Apps). The text also covers important considerations like permissions, triggers, actions, and the use of dynamic content and expressions for effective automation, while stressing that automation is a tool to assist, not replace, SOC analysts.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cyber_security_summaryGet the Book now from Amazon:https://www.amazon.com/Security-Orchestration-Automation-Response-Analysts/dp/1803242914?&linkCode=ll1&tag=cvthunderx-20&linkId=c65a462bc2325d65fce69cdf2b87a0bb&language=en_US&ref_=as_li_ss_tlDiscover our free courses in tech and cybersecurity, Start learning today:https://linktr.ee/cybercode_academy
NOW PLAYING
Security Orchestration, Automation, and Response for Security Analysts: Learn the secrets of SOAR to improve MTTA and MTTR
No transcript for this episode yet
Similar Episodes
Jun 20, 2025 ·61m
Jun 13, 2025 ·65m
Jun 5, 2025 ·16m
Jun 4, 2025 ·37m
Jun 4, 2025 ·31m
May 16, 2025 ·62m