Research field: Safety
Conference: International Conference on Information Systems Security
A typical Security Operations Center (SOC) receives several million alerts every day. An analyst in a SOC needs sophisticated tools to drill down to the most concerning alerts. Security Orchestration, Automation and Response (SOAR) provides much-needed relief to these analysts. However, although a large number of SOAR tools are available, customising them to specific requirements remains a major challenge. This study bridges the gap between the theoretical understanding of SOAR systems and their practical implementation by elaborating the SOAR architecture step by step, using a use case of intelligent alert enrichment with a SOAR system. The processes of data ingestion, integration with various tools, workflow, and orchestration are described in detail. A use case illustrating the automation of alert enrichment is presented. The various open-source tools and technologies required to implement a SOAR system are explained, and a summary of other popular SOAR tools is also provided.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | India |
| Site | Springer |
| Likes | 0 |