Security teams don’t have time for slow automations. Every extra minute spent wrestling with data mapping or debugging a broken integration is a minute not spent responding to real threats. Energy SOAR 2.1 addresses that head-on with a reimagined Workflow Module – a modern environment for building, testing, and maintaining incident response playbooks.
A Faster, Smarter Workflow Engine
The most impactful change in this release is a major overhaul of the workflow engine. The update brings:
- A more comfortable editor
- Simpler data mapping between steps
- API configuration import from cURL
- Improved debugging
- Greater stability in automation execution
In practice, this means less time from idea to working playbook and fewer errors when integrating with external security systems.
The new Workflow Module makes it easier to build processes that leverage data from earlier steps: alerts, enrichment results, case information, and responses from external tools can now be passed to subsequent nodes more efficiently. This lets SOC analysts and engineers focus on response logic rather than manually transcribing fields and wrestling with data flow configuration.

20+ Ready-Made Cybersecurity Integrations
Another significant improvement is broader access to ready-made cybersecurity integrations. The Workflow Module can draw on an extensive ecosystem of nodes for security tools spanning threat intelligence, malware analysis, endpoint security, SIEM, vulnerability management, firewall, DNS security, and incident response.
Out of the box, this includes:
- Trellix ePO, Zabbix, Zscaler ZIA
- Labirynth, VirusTotal, AbuseIPDB, AlienVault
- Carbon Black, Cisco Secure Endpoint, Cisco Umbrella, CrowdStrike
- Fortinet FortiGate, Hybrid Analysis, OpenCTI, QRadar
- Qualys, Rapid7 InsightVM, Recorded Future, Sekoia

As a result, typical SOAR scenarios – alert enrichment, IP/domain/URL/file reputation checks, automatic ticket creation, pulling context from threat intelligence tools, triggering responder actions, and updating case status – can all be built faster and with significantly less integration overhead.
AI On-Prem Node, No Compromises
This release also introduces the AI On-Prem node, which enables the use of local AI models without sending data outside the organisation’s controlled environment. The node supports:
- Case analysis
- False positive probability assessment
- Next-task suggestions
- Enrichment recommendations
- Report generation in both text and structured formats
This makes it possible to combine automation with intelligent decision support while fully meeting your security and data privacy requirements.
Built for Teams and Production
The Workflow Module has also been better prepared for team collaboration and production environments. A new administrative view enables workflow management along with import and export capabilities, simplifying the transfer of automations between test and production environments.

Improved error handling, retry mechanisms, and debugging tools help diagnose issues faster and keep playbooks in a stable state.

SOAR is becoming not just an incident handling platform, but a modern response orchestration centre – with faster playbook creation, a wider range of ready-made cybersecurity integrations, better operational control, and secure AI running on-prem.