Security Operations SOAR - Journey Overview

SecOps SOAR relies on the Unified Data Model (UDM) foundation of SecOps' SIEM functionality to provide security orchestration and automation.

While SIEM correlates and contextualizes information for manual action by a SecOps team, SOAR expedites response processes through security automation and orchestration. The core of SecOps SOAR is automation playbooks.

Playbooks define the automated actions to take when specific conditions (events, or combinations of events) are triggered. SecOps SOAR provides several common playbooks, and you can also import playbooks or create custom ones for your SecOps workflows.





In the SecOps SOAR Journey you will navigate through five main tasks of implementation:

  1. Configure Integrations
  2. Configure Playbooks
  3. Utilize Chronicle Marketplace
  4. Custom Integrations
  5. Incident Manager

Next Steps: Security Operations SOAR: Step 1 - Configure Integrations

Version history
Last update: 04-25-2024 12:18 PM