Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Security Orchestration, Automation, and Response for Security Analysts
  • Table Of Contents Toc
Security Orchestration, Automation, and Response for Security Analysts

Security Orchestration, Automation, and Response for Security Analysts

By : Benjamin Kovacevic
5 (14)
Buy this Book
close
close
Security Orchestration, Automation, and Response for Security Analysts

Security Orchestration, Automation, and Response for Security Analysts

5 (14)
By: Benjamin Kovacevic
Buy this Book

Overview of this book

What your journey will look like With the help of this expert-led book, you’ll become well versed with SOAR, acquire new skills, and make your organization's security posture more robust. You’ll start with a refresher on the importance of understanding cyber security, diving into why traditional tools are no longer helpful and how SOAR can help. Next, you’ll learn how SOAR works and what its benefits are, including optimized threat intelligence, incident response, and utilizing threat hunting in investigations. You’ll also get to grips with advanced automated scenarios and explore useful tools such as Microsoft Sentinel, Splunk SOAR, and Google Chronicle SOAR. The final portion of this book will guide you through best practices and case studies that you can implement in real-world scenarios. By the end of this book, you will be able to successfully automate security tasks, overcome challenges, and stay ahead of threats.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share your thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Intro to SOAR and Its Elements
Icon
Part 1: Intro to SOAR and Its Elements
Lock Free Chapter
2
Chapter 1: The Current State of Cybersecurity and the Role of SOAR
Icon
Chapter 1: The Current State of Cybersecurity and the Role of SOAR
Icon
Traditional versus modern security
Icon
The current state of cybersecurity
Icon
What is SOAR?
Icon
Summary
3
Chapter 2: A Deep Dive into Incident Management and Investigation
Icon
Chapter 2: A Deep Dive into Incident Management and Investigation
Icon
What are SOC tiers?
Icon
Understanding incident management
Icon
Investigating NIST and SANS incident management frameworks
Icon
Incident tasks – to do or not to do
Icon
Investigation starting point – incident investigation page
Icon
The incident investigation process
Icon
Understanding threat hunting
Icon
Summary
4
Chapter 3: A Deep Dive into Automation and Reporting
Icon
Chapter 3: A Deep Dive into Automation and Reporting
Icon
An in-depth view of automation
Icon
An in-depth view of reporting
Icon
TI and TVM – how important are they?
Icon
Summary
5
Part 2: SOAR Tools and Automation Hands-On Examples
Icon
Part 2: SOAR Tools and Automation Hands-On Examples
6
Chapter 4: Quick Dig into SOAR Tools
Icon
Chapter 4: Quick Dig into SOAR Tools
Icon
Microsoft Sentinel SOAR
Icon
Splunk SOAR (Phantom)
Icon
Google Chronicle SOAR (Siemplify)
Icon
Summary
7
Chapter 5: Introducing Microsoft Sentinel Automation
Icon
Chapter 5: Introducing Microsoft Sentinel Automation
Icon
The purpose of Microsoft Sentinel automation
Icon
All about automation rules
Icon
All about playbooks
Icon
Monitoring automation rules and playbook health
Icon
Summary
8
Chapter 6: Enriching Incidents Using Automation
Icon
Chapter 6: Enriching Incidents Using Automation
Icon
Why should you use automation for incident enrichment?
Icon
Creating your own Microsoft Sentinel trail
Icon
VirusTotal playbook – IP enrichment
Icon
VirusTotal playbook – URL enrichment
Icon
Summary
9
Chapter 7: Managing Incidents with Automation
Icon
Chapter 7: Managing Incidents with Automation
Icon
Automated false-positive incident closure with a watchlist
Icon
Closing an incident based on SOC analyst input
Icon
Auto-closing incidents using automation rules
Icon
Summary
10
Chapter 8: Responding to Incidents Using Automation
chevron up
Icon
Chapter 8: Responding to Incidents Using Automation
Icon
Automating responses to incidents
Icon
Blocking a user upon suspicious sign-in
Icon
Isolating a machine upon new malware detection
Icon
Summary
11
Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks
Icon
Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks
Icon
Best practices for working with dynamic content and expressions
Icon
Understanding the HTTP action and its usage
Icon
Exploring more playbook actions
Icon
Summary
12
Index
Icon
Index
Icon
Why subscribe?
13
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share your thoughts
Icon
Download a free PDF copy of this book

Responding to Incidents Using Automation

In the previous chapter, we focused on incident management using automation.

The first hands-on example was to auto-close an incident with no analyst interaction. We utilized the watchlist feature in Microsoft Sentinel, where we stored our allowed IP address and compared it with IPs involved in the incident. Based on the result, we auto-closed the incident or left a comment stating that the IP was not on the watchlist.

The second example expanded on the first example. As incidents can have more than one IP, we utilized an approval email action to ask analysts whether the incident should be auto-closed or whether a further investigation would be needed.

The final example used the automation rule to auto-close incidents on incident creation if an IP matches our specific IP. One example of using automation could be to auto-close incidents during penetration testing when the SOC is not a part of it.

This chapter will focus on how to...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Security Orchestration, Automation, and Response for Security Analysts
End of Section 10
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon