A real-time, AI-powered system for detecting threats
- Can detect anomalies within SIEM logs
- Uses playbooks to trigger actions
Features
- Orchestration: Can integrate with many APIs, security tools, and data sources to coordinate and execute workflows
- Automation: Allows processes to be automated
- Response: SOAR uses playbooks to respond to threats. It could isolate a system, block malicious IPs, or notify IR
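
A minimal sketch of the playbook-driven response described above, as an added example that is not taken from any SOAR product. The playbook names, connector functions, `PROTECTED_HOSTS` approval list and sample alerts are all hypothetical, and the connectors only describe the action they would take instead of calling a real tool API.

```python
# Added example: minimal playbook runner (dry run). All names are hypothetical.
from dataclasses import dataclass

PROTECTED_HOSTS = {"dc01"}  # assumption: assets that need analyst approval

# Connectors stand in for the tool APIs a SOAR platform orchestrates (dry run).
def isolate_host(alert):
    if alert["host"] in PROTECTED_HOSTS:
        return f"approval required to isolate {alert['host']}"
    return f"isolate host {alert['host']}"
def block_ip(alert):
    return f"block ip {alert['src_ip']}"
def notify_ir(alert):
    return f"notify IR: {alert['rule']} on {alert['host']}"

CONNECTORS = {"isolate_host": isolate_host, "block_ip": block_ip, "notify_ir": notify_ir}

@dataclass
class Playbook:
    name: str
    rule: str          # SIEM detection that triggers this playbook
    min_severity: int  # ignore alerts below this severity
    steps: tuple       # connector names, run in order

PLAYBOOKS = [
    Playbook("ransomware-containment", "ransomware_behavior", 8,
             ("isolate_host", "block_ip", "notify_ir")),
    Playbook("bruteforce-block", "ssh_bruteforce", 5, ("block_ip", "notify_ir")),
]

def run_playbook(alert, playbooks=PLAYBOOKS):
    """Return (playbook name, action log) for the first playbook the alert triggers."""
    for pb in playbooks:
        if alert["rule"] == pb.rule and alert["severity"] >= pb.min_severity:
            log = []
            for step in pb.steps:
                try:
                    log.append(CONNECTORS[step](alert))
                except KeyError as exc:  # missing alert field or unknown connector
                    log.append(f"{step} skipped: missing {exc}")
            return pb.name, log
    return None, []

# Constructed sample alerts, shaped like parsed SIEM events.
ALERTS = [
    {"rule": "ransomware_behavior", "severity": 9, "host": "ws-17", "src_ip": "203.0.113.5"},
    {"rule": "ssh_bruteforce", "severity": 6, "host": "dc01"},  # no src_ip field
    {"rule": "ssh_bruteforce", "severity": 2, "host": "web-2", "src_ip": "198.51.100.9"},
]
```

A failed step is logged and the remaining steps still run, so a missing field in the alert does not prevent the IR notification.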