SOAR
Definition
Security Orchestration, Automation and Response. A platform that can execute playbook steps automatically, such as blocking an IP address or disabling a user account, based on defined triggers. SOAR turns human-readable playbooks into partially automated workflows.
Related terms
- Decision gate: A checkpoint within a playbook at which the responder must evaluate a condition, such as whether data exfiltration has been confirmed, and...
- Indicators of compromise (IoCs): Artefacts observed on a network or system that suggest an intrusion or malicious activity has occurred, such as unusual outbound connections, known-malicious...
- Playbook: A documented step-by-step procedure for responding to a specific type of security event. Playbooks standardise analyst behaviour, reduce response time, and ensure...
- Runbook: A technical execution document, sometimes used interchangeably with playbook but more precisely refers to the low-level commands and scripts used during a...
- Tabletop exercise: A structured, discussion-based simulation in which team members walk through a hypothetical incident using the playbook as a guide, without touching live...
Explained in
- Developing and Using Incident Response Playbooks