
CyberSecurity Summary

Security Orchestration, Automation, and Response for Security Analysts: Learn the secrets of SOAR to improve MTTA and MTTR

17 May 2025

Description

The book focuses on SOAR solutions and their role in modern cybersecurity. It emphasizes the need for automated responses to security incidents due to the overwhelming number of alerts and the shortage of skilled cybersecurity personnel, particularly in Security Operations Centers (SOCs). The book details the key components of SOAR, including incident management, investigation, automation, reporting, threat intelligence (TI), and threat and vulnerability management (TVM), explaining how these elements work together to improve efficiency. Specific SOAR tools like Microsoft Sentinel SOAR, Splunk SOAR (Phantom), and Google Chronicle SOAR (Siemplify) are examined, with particular emphasis on practical examples and configurations using Microsoft Sentinel automation rules and playbooks (Logic Apps). The text also covers important considerations like permissions, triggers, actions, and the use of dynamic content and expressions for effective automation, while stressing that automation is a tool to assist, not replace, SOC analysts.

You can listen to and download our episodes for free on more than 10 different platforms: https://linktr.ee/cyber_security_summary

Get the book now from Amazon: https://www.amazon.com/Security-Orchestration-Automation-Response-Analysts/dp/1803242914?&linkCode=ll1&tag=cvthunderx-20&linkId=c65a462bc2325d65fce69cdf2b87a0bb&language=en_US&ref_=as_li_ss_tl

Discover our free courses in tech and cybersecurity and start learning today: https://linktr.ee/cybercode_academy
