Defense & Operations
SOAR
Also known as: Security Orchestration, Automation and Response
Definition
A platform that automates and orchestrates SOC workflows by chaining detections, enrichments and response actions into playbooks executed across security tools.
Examples
- A phishing-triage playbook that detonates URLs in a sandbox, queries VirusTotal and quarantines the email.
- An XSOAR playbook that isolates a host in EDR and resets the user's password when ransomware behaviour is detected.
Related terms
SIEM
A platform that aggregates, normalizes and correlates security telemetry from across the enterprise to enable detection, investigation, compliance and reporting.
Security Operations Center (SOC)
A centralized team and facility that continuously monitors, detects, investigates and responds to cybersecurity incidents across an organization's IT estate.
Incident Response
The organised process of preparing for, detecting, analysing, containing, eradicating and recovering from cybersecurity incidents, then capturing lessons learned.
EDR (Endpoint Detection and Response)
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
Threat Intelligence
Evidence-based knowledge about threats and threat actors — including indicators, TTPs and context — used to guide security decisions and detection.
Mean Time to Respond (MTTR)
Mean Time to Respond (MTTR) — definition coming soon.