From the course: CompTIA SecurityX (CAS-005) Cert Prep


Security orchestration, automation, and response (SOAR)


- Okay, in this lesson, we're going to talk about SOAR, which stands for security, automation, orchestration, and response. So I guess the acronym should be SAOR, because we automate, then we orchestrate, but that's not a cool acronym. SOAR is much better, okay? Now, in our SOAR system, usually today, we're going to be getting our alerts from a SIEM system, a security information and event management system. Not always, but that's a very common thing. Whether it's Cisco, Splunk, or something from SolarWinds, or something cloud-based, the alerts are going to come from the SIEM system. Remember, the SIEM system is basically collecting, aggregating, and de-duplicating alerts, alarms, and logs from all the different infrastructure devices. And once it does its magic, it sends these kinds of unified alerts to the SOAR system, which is going to map them into use case categories: Category A being like ransomware, Category B being like a DDoS attack, Category C being like remote access risks and Trojans. This…
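To make the SIEM-to-SOAR hand-off concrete, here is an added Python sketch (not code from the course or any vendor product) of the intake step the lesson describes: de-duplicated alerts arrive from the SIEM, and the SOAR layer maps each one into a use-case category and picks a playbook. The category names, playbook identifiers, alert tags and sample alerts are all constructed for the example; real SOAR platforms express the same rules in their own playbook language.

```python
"""Minimal SOAR-style intake: de-duplicate normalized SIEM alerts, map each
into a use-case category and select the playbook to run (illustrative only)."""
from dataclasses import dataclass
import hashlib


@dataclass
class Alert:
    source: str        # which SIEM / sensor forwarded the alert
    host: str
    rule_name: str
    tags: list
    count: int = 1


@dataclass
class Triage:
    category: str
    playbook: str
    priority: int      # 1 = most urgent


# Use-case rules, checked in order; first match wins. Each rule is a
# predicate over the alert, so matching is not limited to a single field.
# Categories, playbook ids and tag names are constructed for this example.
USE_CASES = [
    ("ransomware", "pb-isolate-host-and-snapshot", 1,
     lambda a: "ransomware" in a.tags or "mass-file-encryption" in a.tags),
    ("ddos", "pb-enable-rate-limits", 2,
     lambda a: "ddos" in a.tags or a.rule_name.lower().startswith("volumetric")),
    ("remote-access-trojan", "pb-block-c2-and-collect-memory", 1,
     lambda a: "c2-beacon" in a.tags or "rat" in a.tags),
]
DEFAULT = ("uncategorized", "pb-analyst-review", 3)


def fingerprint(alert):
    # Same host + same rule is treated as the same underlying event.
    key = f"{alert.host}|{alert.rule_name}".encode()
    return hashlib.sha256(key).hexdigest()[:16]


def deduplicate(alerts):
    """Collapse repeats of the same event, keeping a count and the union of tags."""
    merged = {}
    for a in alerts:
        fp = fingerprint(a)
        if fp in merged:
            merged[fp].count += a.count
            for t in a.tags:            # keep enrichment from later copies
                if t not in merged[fp].tags:
                    merged[fp].tags.append(t)
        else:
            merged[fp] = Alert(a.source, a.host, a.rule_name, list(a.tags), a.count)
    return list(merged.values())


def categorize(alert):
    for category, playbook, priority, matches in USE_CASES:
        if matches(alert):
            return Triage(category, playbook, priority)
    return Triage(*DEFAULT)


def triage(alerts):
    """Return {fingerprint: (alert, triage)} for the de-duplicated alert set."""
    return {fingerprint(a): (a, categorize(a)) for a in deduplicate(alerts)}


# Constructed sample alerts, shaped like what a SIEM might forward after normalization
SAMPLE_ALERTS = [
    Alert("splunk", "fs01", "Mass file rename .locked", ["mass-file-encryption"]),
    Alert("splunk", "fs01", "Mass file rename .locked", ["ransomware"]),  # repeat of the above
    Alert("cloud-waf", "edge-lb", "Volumetric SYN flood", ["ddos"]),
    Alert("edr", "ws-042", "Periodic beacon to rare domain", ["c2-beacon"]),
    Alert("edr", "ws-017", "Unsigned driver load", []),
]

if __name__ == "__main__":
    for fp, (a, t) in triage(SAMPLE_ALERTS).items():
        print(f"{fp} {a.host:8} x{a.count} -> {t.category:22} {t.playbook} (P{t.priority})")
```

The two fs01 alerts collapse into one entry with a count of two and both tags, the DDoS and beacon alerts land in their categories with the matching playbook, and the unmatched driver-load alert falls through to analyst review rather than being silently dropped, which is the behaviour you want from a catch-all rule.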
