Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Security Orchestration, Automation, and Response for Security Analysts
  • Table Of Contents Toc
  • Feedback & Rating feedback
Security Orchestration, Automation, and Response for Security Analysts

Security Orchestration, Automation, and Response for Security Analysts

By : Benjamin Kovacevic
5 (14)
Buy this Book
close
close
Security Orchestration, Automation, and Response for Security Analysts

Security Orchestration, Automation, and Response for Security Analysts

5 (14)
By: Benjamin Kovacevic
Buy this Book

Overview of this book

What your journey will look like With the help of this expert-led book, you’ll become well versed with SOAR, acquire new skills, and make your organization's security posture more robust. You’ll start with a refresher on the importance of understanding cyber security, diving into why traditional tools are no longer helpful and how SOAR can help. Next, you’ll learn how SOAR works and what its benefits are, including optimized threat intelligence, incident response, and utilizing threat hunting in investigations. You’ll also get to grips with advanced automated scenarios and explore useful tools such as Microsoft Sentinel, Splunk SOAR, and Google Chronicle SOAR. The final portion of this book will guide you through best practices and case studies that you can implement in real-world scenarios. By the end of this book, you will be able to successfully automate security tasks, overcome challenges, and stay ahead of threats.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share your thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Intro to SOAR and Its Elements
Icon
Part 1: Intro to SOAR and Its Elements
Lock Free Chapter
2
Chapter 1: The Current State of Cybersecurity and the Role of SOAR
Icon
Chapter 1: The Current State of Cybersecurity and the Role of SOAR
Icon
Traditional versus modern security
Icon
The current state of cybersecurity
Icon
What is SOAR?
Icon
Summary
3
Chapter 2: A Deep Dive into Incident Management and Investigation
Icon
Chapter 2: A Deep Dive into Incident Management and Investigation
Icon
What are SOC tiers?
Icon
Understanding incident management
Icon
Investigating NIST and SANS incident management frameworks
Icon
Incident tasks – to do or not to do
Icon
Investigation starting point – incident investigation page
Icon
The incident investigation process
Icon
Understanding threat hunting
Icon
Summary
4
Chapter 3: A Deep Dive into Automation and Reporting
Icon
Chapter 3: A Deep Dive into Automation and Reporting
Icon
An in-depth view of automation
Icon
An in-depth view of reporting
Icon
TI and TVM – how important are they?
Icon
Summary
5
Part 2: SOAR Tools and Automation Hands-On Examples
Icon
Part 2: SOAR Tools and Automation Hands-On Examples
6
Chapter 4: Quick Dig into SOAR Tools
Icon
Chapter 4: Quick Dig into SOAR Tools
Icon
Microsoft Sentinel SOAR
Icon
Splunk SOAR (Phantom)
Icon
Google Chronicle SOAR (Siemplify)
Icon
Summary
7
Chapter 5: Introducing Microsoft Sentinel Automation
Icon
Chapter 5: Introducing Microsoft Sentinel Automation
Icon
The purpose of Microsoft Sentinel automation
Icon
All about automation rules
Icon
All about playbooks
Icon
Monitoring automation rules and playbook health
Icon
Summary
8
Chapter 6: Enriching Incidents Using Automation
Icon
Chapter 6: Enriching Incidents Using Automation
Icon
Why should you use automation for incident enrichment?
Icon
Creating your own Microsoft Sentinel trail
Icon
VirusTotal playbook – IP enrichment
Icon
VirusTotal playbook – URL enrichment
Icon
Summary
9
Chapter 7: Managing Incidents with Automation
Icon
Chapter 7: Managing Incidents with Automation
Icon
Automated false-positive incident closure with a watchlist
Icon
Closing an incident based on SOC analyst input
Icon
Auto-closing incidents using automation rules
Icon
Summary
10
Chapter 8: Responding to Incidents Using Automation
chevron up
Icon
Chapter 8: Responding to Incidents Using Automation
Icon
Automating responses to incidents
Icon
Blocking a user upon suspicious sign-in
Icon
Isolating a machine upon new malware detection
Icon
Summary
11
Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks
Icon
Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks
Icon
Best practices for working with dynamic content and expressions
Icon
Understanding the HTTP action and its usage
Icon
Exploring more playbook actions
Icon
Summary
12
Index
Icon
Index
Icon
Why subscribe?
13
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share your thoughts
Icon
Download a free PDF copy of this book

Automating responses to incidents

In organizations, we have multiple teams handling different segments of IT. We have networking departments, system administration, device management teams, and so on. Traditionally, when we have an incident and the SOC needs to isolate a machine or block an IP in the firewall, they would need to raise a ticket in ITSM or send an email request. The department in question then picks this up and acts on it. However, this takes time. An analyst needs to log in to ITSM, open a new ticket, enter all data and a justification in detail, and submit it. Then, the appropriate department needs to verify and act on it, which means they will need to copy the IP or host details, go to the appropriate system, and update it. This adds many unnecessary steps.

With automation, this process can be more efficient. After SOC analysts do their investigation and realize that they need to isolate a machine or block an IP address, they can run a playbook that will perform...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Security Orchestration, Automation, and Response for Security Analysts
End of Section 10
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon