Smart SOAR acts as a unified dashboard for analysis and investigation of ArcSight ESM events, enriching events with correlated MITRE ATT&CK matrix techniques, threat intelligence, and historical incident data. ArcSight ESM and Smart SOAR users not only benefit from automation and orchestration-powered response workflows, but also robust investigative case management and reporting toolsets.
By combining ArcSight ESM for threat detection with Smart SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in Smart SOAR and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. Smart SOAR can then trigger an incident-specific automated response playbook. When notable events trigger Smart SOAR’s automated workflows and full-lifecycle playbooks for incident response, analysts no longer have to manually coordinate dozens of triage and response tasks. Response occurs in seconds, not hours.
Once an event has been escalated, Smart SOAR automatically correlates IOCs—such as source IP/domain, destination IP/domain, file hashes, etc.— and MITRE ATT&CK techniques against threat intelligence, and historical incident data, painting a complete picture of the threat. An intuitive link analysis dashboard provides analysts with the dexterity and visualizations needed for complex investigations. Adding Smart SOAR’s link analysis to ArcSight ESM events provides users with vastly improved triage, the ability to easily spot false positives, and better handling of complex incidents. By bringing the information needed for investigations into a single platform, organizations can reduce SOC fatigue by eliminating context-switching, while improving response through integrated intelligence.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.