Security orchestration, automation, and response (SOAR) solutions are platforms that consolidate disparate security tools and streamline security processes through orchestration and automation. This helps reduce alert volumes and filter out false positives, provides further context for analysis, and automates remediation actions and response. A SOAR platform starts by collecting alerts from a range of security technologies, including security information and event management (SIEM) tools, vulnerability scanners, and others, and consolidating them onto one platform. The platform then adds context for investigation by providing threat intelligence management alongside machine learning capabilities.
SOC teams and admins can set up playbooks: pre-defined rules and workflows that are executed automatically in response to specific events and triggers. Once alerts have been investigated, these playbooks can trigger remediation workflows and actions automatically, without admin involvement. The solutions in this category include a range of cloud-based, on-premises, and SaaS offerings with varying features and capabilities.
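As an added illustration (not code from any SOAR vendor), the following minimal Python playbook runner shows the pipeline described above: alerts from several tools are consolidated, enriched with a constructed threat-intelligence lookup, and then dispatched to the first playbook whose trigger matches. The alert fields, the intel feed, the allowlist, and the action names are all assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample threat-intel feed: indicator -> reputation score (0-100).
THREAT_INTEL = {"203.0.113.7": 90, "198.51.100.22": 10}
# Constructed allowlist of internal scanners whose alerts are benign noise.
KNOWN_SCANNERS = {"198.51.100.22"}

@dataclass
class Alert:
    source: str                  # originating tool, e.g. "siem" or "vuln_scanner"
    kind: str                    # normalised alert type
    indicator: str               # IP address the alert concerns
    severity: str                # severity as reported by the source tool
    context: dict = field(default_factory=dict)  # filled in by enrich()

def enrich(alert):
    """Add threat-intel reputation and allowlist status as investigation context."""
    alert.context["reputation"] = THREAT_INTEL.get(alert.indicator, 0)
    alert.context["known_scanner"] = alert.indicator in KNOWN_SCANNERS
    return alert

# Playbooks: (name, trigger predicate over an enriched alert, ordered actions).
# Evaluated top to bottom; the first trigger that matches wins.
PLAYBOOKS = [
    ("suppress_scanner", lambda a: a.context["known_scanner"],
     ["close_as_false_positive"]),
    ("contain_malicious_ip", lambda a: a.context["reputation"] >= 80,
     ["block_ip_at_firewall", "open_ticket", "notify_analyst"]),
    ("triage_other", lambda a: True, ["open_ticket"]),
]

def run_playbooks(alerts):
    """Consolidate alerts from many tools, enrich each, and dispatch playbook actions."""
    seen, actions = set(), []
    for alert in alerts:
        key = (alert.kind, alert.indicator)
        if key in seen:          # same event reported by another tool: do not re-run
            continue
        seen.add(key)
        enrich(alert)
        for name, trigger, steps in PLAYBOOKS:
            if trigger(alert):
                actions.append((name, alert.indicator, tuple(steps)))
                break
    return actions

# Constructed alerts as they might arrive from a SIEM, an IDS and a vuln scanner.
SAMPLE_ALERTS = [
    Alert("siem", "outbound_c2", "203.0.113.7", "high"),
    Alert("ids", "outbound_c2", "203.0.113.7", "medium"),
    Alert("siem", "port_scan", "198.51.100.22", "low"),
    Alert("vuln_scanner", "open_rdp", "192.0.2.5", "medium"),
]
```

Running `run_playbooks(SAMPLE_ALERTS)` yields three dispatches: the duplicate C2 alert from the IDS is folded into the SIEM's, the known scanner's port scan is closed as a false positive, and the open RDP finding goes to ticketing only.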