SOAR

20 Sep: How to analyze observables automatically

Another day in the SOC office. IT Security that was supposed to be challenging and interesting become repetitive and … boring. Same Alerts every day to analyse. Analyze the attachement, check IP reputation, check file hash, has anyone seen it? You know what I mean? Hope NO, because if YES, than we have little time before complete frustration.

20 Sep: Observables

Every time Soar travels through the data it collects crucial keys needed in orchestration and automation process. Integrated SIEM is a source of alerts from which SOAR generate its knowledge. EnergySoar is no different. From ingested alerts we collect our Observables. What are they ?