Smart SOAR automates up to 90% of tier-1 analyst work by consolidating events from multiple sources in one place, with automated enrichment, contextualization and correlation. The time and resource savings enables a greater focus on real threats and fine-tuning of detection and response logic.
Smart SOAR provides incident responders with full incident profiles comprising linked events, IOCs and context, painting a full picture of the threat. Rapid searches are carried out across a fully integrated toolset, and remedial actions can be triggered via fully automated playbooks or by prompting a single-click analyst approval.
Smart SOAR users can run actions using the command line or codeless playbook interface; remedial actions within playbooks, such as telling a firewall to block an IP, can be setup to run automatically based on conditions, or by offering the user a single-click prompt. Analysts can also search, filter and drill down on events to identify potential threats and prioritize action.
Smart SOAR is a security operations platform with extensive incident response case management capabilities, including case investigator dashboards, secure collaboration, evidence tracking, and highly configurable information access controls. Many customers use Smart SOAR to support fraud, forensics or insider threat investigations. Comprehensive audit features are included.