Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Security Orchestration, Automation, and Response for Security Analysts

You're reading from   Security Orchestration, Automation, and Response for Security Analysts Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture

Arrow left icon
Product type Paperback
Published in Jul 2023
Publisher Packt
ISBN-13 9781803242910
Length 338 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Benjamin Kovacevic Benjamin Kovacevic
Author Profile Icon Benjamin Kovacevic
Benjamin Kovacevic
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Part 1: Intro to SOAR and Its Elements
2. Chapter 1: The Current State of Cybersecurity and the Role of SOAR FREE CHAPTER 3. Chapter 2: A Deep Dive into Incident Management and Investigation 4. Chapter 3: A Deep Dive into Automation and Reporting 5. Part 2: SOAR Tools and Automation Hands-On Examples
6. Chapter 4: Quick Dig into SOAR Tools 7. Chapter 5: Introducing Microsoft Sentinel Automation 8. Chapter 6: Enriching Incidents Using Automation 9. Chapter 7: Managing Incidents with Automation 10. Chapter 8: Responding to Incidents Using Automation 11. Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks 12. Index 13. Other Books You May Enjoy

What this book covers

Chapter 1, The Current State of Cybersecurity and the Role of SOAR, is a general overview of cybersecurity, why traditional tools aren’t enough in the fight, and how modern tools add value to a SOC. We will continue with the topic of SOAR, what it is, why it’s one of the SOC analysts’ “best friends,” and how it can reduce the amount of time required to respond to incidents.

Chapter 2, A Deep Dive into Incident Management and Investigation, will focus on incident management and investigation, its importance, and some of the best approaches to incident management and investigation. This will include owner assignment, collaboration, modern tools, and lessons learned as one of the most critical aspects of incident investigation.

Chapter 3, A Deep Dive into Automation and Reporting, provides an overview of automation as one of the most significant elements of SOAR. We will cover automation as a SOC’s best friend, why you should be using it, and what we can automate. In this chapter, we will go through reporting, as well as how it can help SOCs be more efficient.

Chapter 4, Qucik Dig into SOAR Tools, will go over the most known SOAR tools, how they look, and what options they have. In it, we will go through the importance of SOAR and how it changed the traditional SIEM space.

Chapter 5, Introducing Microsoft Sentinel Automation, will introduce all aspects of Microsoft Sentinel automation on a more profound level, as a continuation of the Microsoft Sentinel SOAR intro in the previous chapter. We will be explaining topics such as automation rules and playbooks and how to utilize them to fight the dark side.

Chapter 6, Enriching Incidents Using Automation, focuses on the first hands-on example, where we will show you how to utilize solutions such as VirusTotal to enrich incidents on creation/update. We will go over enrichment and how we can use it to improve the amount of time taken for initial triage from hours to minutes!

Chapter 7, Managing Incidents with Automation, will focus on incident management with automation, how to control false-positive/low-severity incidents, and user/SOC analyst inputs for faster incident resolution. MTTA and MTTR are the main SOC measurements, and proper automation will lower both of them.

Chapter 8, Responding to Incidents Using Automation, will focus on responding to the incident as one of the most critical automation scenarios. Examples include blocking the user, isolating the host, blocking the IP, resetting users’ passwords, and so on. A fast response can isolate a bad actor in its initial stage, and with automation, this can be done as soon as the incident is created – with or without SOC analyst interaction.

Chapter 9, Mastering Microsoft Sentinel Automation: Tips and Tricks, will go over tips and tricks for using Microsoft Sentinel as an automation tool. We will demonstrate its power under the hood and how to utilize automation below the GUI. This will include the options for automatically adding “hidden” elements, functions for better content control, and everything about HTTP action.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image