Security Orchestration, Automation and Response
Security Orchestration, Automation and Response (SOAR) has become a priority for companies as they try to reduce the dwell time between detection and remediation and try to staff their operations centers. SOAR allows companies to automate actions so that analysts have to do less manual and tedious work.
Cyber Triage integrates with SOAR systems so that a remote collection of a computer can be automatically started based on an alert or analyst-initiated workbook.
As an example, if a network alert is generated because an endpoint has reached out to an IP with threat intelligence associated with it, then a SOAR system could then trigger a collection to happen to determine what process was associated with the connection, how it got there, who has logged into the system, etc.
Integration with SOAR requires the Team version of Cyber Triage, which includes a REST API. See our integrations page for details about what SOAR systems we integrate with. Contact us if you do not see your system listed and we can let you know where it is on the roadmap.