Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Security Orchestration, Automation, and Response for Security Analysts
  • Table Of Contents Toc
  • Feedback & Rating feedback
Security Orchestration, Automation, and Response for Security Analysts

Security Orchestration, Automation, and Response for Security Analysts

By : Benjamin Kovacevic
5 (14)
Buy this Book
close
close
Security Orchestration, Automation, and Response for Security Analysts

Security Orchestration, Automation, and Response for Security Analysts

5 (14)
By: Benjamin Kovacevic
Buy this Book

Overview of this book

What your journey will look like With the help of this expert-led book, you’ll become well versed with SOAR, acquire new skills, and make your organization's security posture more robust. You’ll start with a refresher on the importance of understanding cyber security, diving into why traditional tools are no longer helpful and how SOAR can help. Next, you’ll learn how SOAR works and what its benefits are, including optimized threat intelligence, incident response, and utilizing threat hunting in investigations. You’ll also get to grips with advanced automated scenarios and explore useful tools such as Microsoft Sentinel, Splunk SOAR, and Google Chronicle SOAR. The final portion of this book will guide you through best practices and case studies that you can implement in real-world scenarios. By the end of this book, you will be able to successfully automate security tasks, overcome challenges, and stay ahead of threats.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share your thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Intro to SOAR and Its Elements
Icon
Part 1: Intro to SOAR and Its Elements
Lock Free Chapter
2
Chapter 1: The Current State of Cybersecurity and the Role of SOAR
chevron up
Icon
Chapter 1: The Current State of Cybersecurity and the Role of SOAR
Icon
Traditional versus modern security
Icon
The current state of cybersecurity
Icon
What is SOAR?
Icon
Summary
3
Chapter 2: A Deep Dive into Incident Management and Investigation
Icon
Chapter 2: A Deep Dive into Incident Management and Investigation
Icon
What are SOC tiers?
Icon
Understanding incident management
Icon
Investigating NIST and SANS incident management frameworks
Icon
Incident tasks – to do or not to do
Icon
Investigation starting point – incident investigation page
Icon
The incident investigation process
Icon
Understanding threat hunting
Icon
Summary
4
Chapter 3: A Deep Dive into Automation and Reporting
Icon
Chapter 3: A Deep Dive into Automation and Reporting
Icon
An in-depth view of automation
Icon
An in-depth view of reporting
Icon
TI and TVM – how important are they?
Icon
Summary
5
Part 2: SOAR Tools and Automation Hands-On Examples
Icon
Part 2: SOAR Tools and Automation Hands-On Examples
6
Chapter 4: Quick Dig into SOAR Tools
Icon
Chapter 4: Quick Dig into SOAR Tools
Icon
Microsoft Sentinel SOAR
Icon
Splunk SOAR (Phantom)
Icon
Google Chronicle SOAR (Siemplify)
Icon
Summary
7
Chapter 5: Introducing Microsoft Sentinel Automation
Icon
Chapter 5: Introducing Microsoft Sentinel Automation
Icon
The purpose of Microsoft Sentinel automation
Icon
All about automation rules
Icon
All about playbooks
Icon
Monitoring automation rules and playbook health
Icon
Summary
8
Chapter 6: Enriching Incidents Using Automation
Icon
Chapter 6: Enriching Incidents Using Automation
Icon
Why should you use automation for incident enrichment?
Icon
Creating your own Microsoft Sentinel trail
Icon
VirusTotal playbook – IP enrichment
Icon
VirusTotal playbook – URL enrichment
Icon
Summary
9
Chapter 7: Managing Incidents with Automation
Icon
Chapter 7: Managing Incidents with Automation
Icon
Automated false-positive incident closure with a watchlist
Icon
Closing an incident based on SOC analyst input
Icon
Auto-closing incidents using automation rules
Icon
Summary
10
Chapter 8: Responding to Incidents Using Automation
Icon
Chapter 8: Responding to Incidents Using Automation
Icon
Automating responses to incidents
Icon
Blocking a user upon suspicious sign-in
Icon
Isolating a machine upon new malware detection
Icon
Summary
11
Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks
Icon
Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks
Icon
Best practices for working with dynamic content and expressions
Icon
Understanding the HTTP action and its usage
Icon
Exploring more playbook actions
Icon
Summary
12
Index
Icon
Index
Icon
Why subscribe?
13
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share your thoughts
Icon
Download a free PDF copy of this book

The Current State of Cybersecurity and the Role of SOAR

Ransomware, data leaks, phishing, denial of service… these are some of the terms that everyone, even those who aren’t in the IT industry, will have repeatedly heard in the last few years. Everyone has received an email from a Nigerian prince or some long-lost rich, relative from Africa at least once. These are basic examples of cyberattacks called phishing attacks, which still have an acceptable success rate. If we were to talk about more tailored phishing attacks (common ones being a request to change your password or a notification that your account will be deleted if you don’t click on a link), those have an even better success rate – why is that so? Because bad actors are smart.

The first aspect to consider is that they will use many techniques to make their email seem as legitimate as possible, and the second, which is not connected to IT, is the psychological part. The psychological part manifests itself in a few different ways. It can be someone pretending to be your boss (using spoofing methods), an email containing a sense of urgency, or an email sent at the end of working hours when employee concentration is at its lowest. Because of this, organizations are on the lookout for more advanced systems to help them respond to these in a matter of minutes. That is where Security Orchestration, Automation, and Response (SOAR) comes in to save the day.

In this chapter, we will cover the main aspects of changes within cybersecurity and how those changes impact our everyday lives. A few years back, cyberattacks mainly impacted organizations, but today, their impact is felt by ordinary people as well. And this is something that will not change overnight. As one way of fighting back and improving their security posture, organizations can use many security tools. One of them is SOAR, and we will explain why SOAR is a must in every organization today.

In a nutshell, this chapter will cover the following main topics:

  • Traditional versus modern security
  • The state of cybersecurity
  • What is SOAR?
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Security Orchestration, Automation, and Response for Security Analysts
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon