SOAR (Security Orchestration, Automation, and Response)
Definition
A platform that receives alerts from the SIEM and other sources, executes automated playbooks that enrich and triage them (threat-intelligence lookups, asset context, deduplication), and calls downstream tools through integrations to take containment actions (isolate a host, block an indicator) or open case tickets. Routine steps run without manual analyst intervention; a well-designed playbook still gates high-impact actions, such as isolating a critical server, behind an explicit analyst approval.
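The enrich, triage and act loop described above, as an added example that is not code from any SOAR product: a minimal playbook in Python. The SIEM alerts, the threat-intelligence feed, the asset inventory and the EDR/firewall/ticketing connectors are all constructed in-memory stand-ins (the `Integrations` class just records the calls it receives), and the scoring thresholds are assumptions chosen for the illustration. The playbook opens a ticket for anything above low severity, blocks the destination indicator and isolates the host on high severity, and, as a guardrail, refuses to auto-isolate a critical asset and requests analyst approval instead.

```python
"""Minimal SOAR-style playbook: enrich -> triage -> act (illustrative only)."""
from dataclasses import dataclass, field

# Constructed threat-intel lookup (TIP stand-in): indicator -> confidence 0..100.
TIP_FEED = {
    "198.51.100.23": 90,   # documentation-range IP standing in for a C2 address
    "203.0.113.7": 20,
}

# Constructed asset inventory: hostname -> criticality tier.
ASSETS = {
    "ws-0142": "standard",
    "db-prod-01": "critical",
}


@dataclass
class Integrations:
    """Stand-in for EDR / firewall / ticketing connectors; records every call."""
    isolated_hosts: list = field(default_factory=list)
    blocked_ips: list = field(default_factory=list)
    tickets: list = field(default_factory=list)
    approvals: list = field(default_factory=list)

    def isolate_host(self, host):
        self.isolated_hosts.append(host)

    def block_ip(self, ip):
        self.blocked_ips.append(ip)

    def open_ticket(self, title, severity):
        ticket_id = f"INC-{len(self.tickets) + 1:04d}"
        self.tickets.append({"id": ticket_id, "title": title, "severity": severity})
        return ticket_id

    def request_approval(self, action, host):
        self.approvals.append({"action": action, "host": host})


def enrich(alert, tip=TIP_FEED, assets=ASSETS):
    """Return a copy of the alert with TI score and asset criticality attached."""
    enriched = dict(alert)
    enriched["ti_score"] = tip.get(alert["dst_ip"], 0)
    enriched["criticality"] = assets.get(alert["host"], "unknown")
    return enriched


def triage(enriched):
    """Map TI score plus asset tier onto 'high' / 'medium' / 'low' (assumed thresholds)."""
    score = enriched["ti_score"]
    if enriched["criticality"] == "critical":
        score += 20
    if score >= 80:
        return "high"
    if score >= 40:
        return "medium"
    return "low"


def run_playbook(alert, integrations, tip=TIP_FEED, assets=ASSETS):
    """Enrich, triage, then act; returns a summary of the actions taken."""
    enriched = enrich(alert, tip, assets)
    severity = triage(enriched)
    summary = {"alert_id": alert["id"], "severity": severity, "actions": []}

    if severity == "low":
        summary["actions"].append("auto_closed_low_confidence")
        return summary

    summary["ticket"] = integrations.open_ticket(
        f"{alert['rule']} on {alert['host']}", severity)
    summary["actions"].append("ticket_opened")

    if severity == "high":
        integrations.block_ip(alert["dst_ip"])
        summary["actions"].append("ip_blocked")
        # Guardrail: never auto-isolate a critical asset; hand it to an analyst.
        if enriched["criticality"] == "critical":
            integrations.request_approval("isolate_host", alert["host"])
            summary["actions"].append("isolation_pending_approval")
        else:
            integrations.isolate_host(alert["host"])
            summary["actions"].append("host_isolated")
    return summary


# Constructed SIEM alerts fed into the playbook.
SAMPLE_ALERTS = [
    {"id": "A1", "rule": "Outbound to known C2", "host": "ws-0142", "dst_ip": "198.51.100.23"},
    {"id": "A2", "rule": "Outbound to known C2", "host": "db-prod-01", "dst_ip": "198.51.100.23"},
    {"id": "A3", "rule": "Rare outbound connection", "host": "ws-0142", "dst_ip": "203.0.113.7"},
]

if __name__ == "__main__":
    connectors = Integrations()
    for sample in SAMPLE_ALERTS:
        print(run_playbook(sample, connectors))
```

Running the three constructed alerts in order: A1 is a standard workstation talking to a high-confidence indicator, so it gets a ticket, an IP block and automatic isolation; A2 is the same indicator from a critical database host, so the block and ticket still happen but isolation is parked for approval; A3 scores too low to be worth a ticket and is auto-closed. A real deployment would replace the `Integrations` stand-in with the vendor connectors and the dictionaries with live TIP and CMDB queries, but the shape of the playbook is the same.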
Related terms
- EDR (Endpoint Detection and Response)
- An agent-based security tool deployed on individual endpoints (workstations, servers, mobile devices) that monitors process execution, file changes, network connections, and registry...
- MTTD / MTTR
- Mean Time to Detect and Mean Time to Respond: the two primary operational KPIs for a SOC. MTTD measures the gap between...
- SIEM (Security Information and Event Management)
- A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
- STIX / TAXII
- Structured Threat Information eXpression (STIX) is a standardised language for describing threat intelligence objects. Trusted Automated eXchange of Intelligence Information (TAXII) is...
- Threat Intelligence Platform (TIP)
- A system that ingests indicator feeds from external providers and internal sources, deduplicates and scores them, and exports curated indicators of compromise...
Explained in
- SOC Tooling and the SIEM