SOAR

elastic

Elastic and Swimlane partner to deliver an extensible framework for the modern SOC

Today I’m happy to share more about our partnership with Swimlane, which further reinforces our commitment to empowering security teams everywhere. Today’s security teams rely on the power of Elastic’s high-speed, cloud-scale analytics to solve their most complex and pressing security issues. Swimlane’s security automation platform provides a way for these same teams to accelerate and optimize their workflows for max efficiency and to solve SOAR use cases.

logz.io

Keep Calm and Simplify Managing your SIEM events with Siemplify

We created our Logz.io Cloud SIEM with a clear goal: providing a rapidly deploying, flexible, and cost-effect security management tool that can serve broad datasets and withstand the occasional bursts of events without a sweat. However, our users were coming back to us with requests for more. After all, it’s great to proactively detect proliferating security threats, but what’s the next step beyond just identifying the threat?

splunk

Splunk SOAR Playbooks: Suspicious Email Domain Enrichment

Despite the myriad pathways to initial access on our networks, phishing remains the single most popular technique for attackers. The open nature of email and our reliance on it for communication make it difficult for defenders to classify messages, so it is no surprise that suspicious email investigation is a top use case for automation. Today, we are releasing a new community playbook for Splunk SOAR (previously Splunk Phantom) to help enrich suspicious email events.

splunk

Streamlining Vulnerability Management with Splunk Phantom

Vulnerabilities are weaknesses in the security infrastructure that bad actors can exploit to gain unauthorized access to a private network. It is nearly impossible for security analysts to patch 100% of the vulnerabilities identified on any given day, but a vulnerability management plan can ensure that the highest risk vulnerabilities (those that are most likely to cause a data breach), will be addressed immediately.

logsign

What is SOAR?

If an individual wants to acquire information about cyber security, or cyber security tools in general, coming across SOAR is inevitable. Since the SOAR abbreviation is all over the place, the importance of it is also easy to recognize. What makes SOAR crucial for cyber security then? In order to answer this question, the full name of the tool should be addressed. SOAR stands for** Security Orchestration Automation and Response**.

siemplify

10 Must-Ask Questions When Choosing a SOAR Solution in 2021

The adoption of security orchestration, automation and response (SOAR) platforms has grown significantly in recent years. Countless end-user and service provider security operations teams are leveraging SOAR to address the most common security operations challenges – too many disparate technologies, alert overload, limited staff and manual processes.

Splunk SOAR Playbooks: Azure New User Census

Hafnium is the latest cyberattack that utilizes a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched). Learn how you can use Splunk Phantom to automate account monitoring to ensure that threat actors are not exploiting vulnerabilities to access sensitive information through authenticated accounts.
splunk

Taking Automation Beyond the SOC With Advanced Network Access Control

Security orchestration, automation and response (SOAR) tools are most commonly known for automating manual security operations processes in order to expedite security investigations or cyber response. For instance, Splunk’s SOAR technology, Splunk Phantom, is most commonly used to automate alert triage, phishing investigation and response, threat hunting and vulnerability management.

splunk

Splunk SOAR Playbooks: Conducting an Azure New User Census

In January and February of 2021, the threat actor called Hafnium used a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched).