- SOAR was designed to address critical security events and high-end investigation.
- SOAR would benefit smaller organizations because it requires no cybersecurity analyst involvement once installed.
- SOAR automates incident investigation and responds to workflows based on playbooks.
- SOAR automation guarantees an uptime factor of “5 nines”.
Explanation: SIEM systems are used for collecting and filtering data, detecting and classifying threats, and analyzing and investigating threats. SOAR technology does the same as SIEMs, but it also includes automation. SOAR integrates threat intelligence and automates incident investigation. SOAR also responds to events using response workflows based on previously developed playbooks.