SOAR

The latest News and Information on Security Orchestration, Automation and Response.

How to Assess and Up-level Your Organization's Maturity for SOAR, Gartner's Take

Jul 28, 2021 By Marc Solomon In ThreatQuotient

Earlier this year, Gartner published its latest research on the Security Orchestration, Automation and Response (SOAR) market in a report entitled, “Is Your Organization Mature Enough for SOAR?”. We’ve been talking to clients about this very subject and agree with Gartner that SOAR tools can increase SecOps efficiency and consistency, provided organizations have laid the proper groundwork.

Read Post

ThreatQuotient

Read more about How to Assess and Up-level Your Organization's Maturity for SOAR, Gartner's Take

Splunk SOAR Feature Video: Custom Functions

Jul 27, 2021 By Splunk In Splunk

Splunk SOAR’s custom functions allow shareable custom code across playbooks and the introduction of complex data objects into the playbook execution path. These aren’t just out-of the-box playbooks, but out-of-the-box custom blocks that save you time and effort. This allows for centralized code management and version control of custom functions providing the building blocks for scaling your automation, even to those without coding capabilities.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Custom Functions

Splunk SOAR Feature Video: Contextual Action Launch

Jul 27, 2021 By Splunk In Splunk

Splunk SOAR apps have a parameter for action inputs and outputs called "contains". These are used to enable contextual actions in the Splunk SOAR user interface. A common example is the contains type "ip". This is a powerful feature that the platform provides, as it allows the user to chain the output of one action as input to another.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Contextual Action Launch

Splunk SOAR Feature Video: Investigation Command Line

Jul 27, 2021 By Splunk In Splunk

When you're on the Splunk SOAR investigation page, there are several ways to run actions. One of the easiest ones is to use the command line, down where you would write comments in the event. If you start off with a slash (/) you get prompting for the action you would like to choose.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Investigation Command Line

Splunk SOAR Feature Video: Create a Manual Event

Jul 27, 2021 By Splunk In Splunk

If you haven’t done anything on your Splunk SOAR instance yet you'll see zeros across the top in what we call the ROI summary. So how do you get started creating events in Splunk SOAR?

View Video

Splunk

Read more about Splunk SOAR Feature Video: Create a Manual Event

Splunk SOAR Feature Video: Configure Third Party Tools

Jul 27, 2021 By Splunk In Splunk

To get started in Splunk SOAR, you will need to configure an asset. Assets are the security and infrastructure assets that you integrate with the Splunk SOAR platform, like firewalls and endpoint products. Splunk SOAR connects to these assets through apps. Apps extend the platform by integrating third-party security products and tools.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Configure Third Party Tools

Splunk SOAR Feature Video: Install/Update Apps

Jul 27, 2021 By Splunk In Splunk

A common task on the Splunk SOAR platform is installing a new app, or updating existing apps. Apps extend the Splunk SOAR platform by integrating third-party security products and tools. We currently offer more than 350 premade apps that are accessible right now.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Install/Update Apps

Second Order Security - Episode 7 - SOAR Games: Volume 2

Jul 1, 2021 By Splunk In Splunk

Continuing our playbook building games, Dan and Tom heckle Danny through breaking down a master playbook into modular playbooks. Danny continues to screw up his audio.

View Video

Splunk

Read more about Second Order Security - Episode 7 - SOAR Games: Volume 2

Current Events Have You Worried? Our Program Development Services Can Help.

Jun 29, 2021 By Jonathan Couch In ThreatQuotient

Sometimes the hardest part of any project is getting started. But when it comes to strengthening your security operations program, the escalation of cyberattacks over the last few months have shown us there’s no time to waste. You need to make sure you’re leveraging threat intelligence throughout your security operations to understand your adversaries, strengthen defenses, and accelerate detection and response.

Read Post

ThreatQuotient

Read more about Current Events Have You Worried? Our Program Development Services Can Help.

A day in the life of cybersecurity. Splunk customer stories of SOC-cess

Jun 28, 2021 By Matt Davies In Splunk

We have a saying at Splunk. It goes something like “if you’re ever having a bad day, go and talk to a customer”. What organizations around the world are doing with their data and Splunk brings a huge smile and an eyebrow raising, positive “can’t quite believe you’ve done that” very-impressed nod of the head. That’s never more true than with our security customers.

Read Post