Security Orchestration Automation and Response (SOAR) Questions
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Dec 13 2021

Hi infosec professionals,

Which deployment model should an enterprise organization choose and in which case?

Thank you!

Raymond De Rooij: There are many variations for a Security Operations Centre, depending on the…
Jairo Willian Pereira: I'm not sure about the answer, but I'll try... Insourcing or outsourcing, …
Shibu Babuchandran: We can have multiple SOC models depending on the requirement and budget…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 22 2021

Hi community members,

Can you please share with other peers how Security Orchestration, Automation, and Response (SOAR) is different from XDR?

Thanks for the help!

Evgeny Belenky
PeerSpot (formerly IT Central Station)
Dec 10 2021

Hi peers,

Why is a SOC important for an organization? What are the main challenges of the modern SOC?

Thanks.

Hasan Zuberi (HZ): SOC refers to a dedicated platform and team organization to prevent, detect…
Denis L: SOC is the heart of your infrastructure security, a centralized system…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Sep 23 2021
Hi community, We all know that it's important to conduct a trial / POC as part of the buying process. Do you have any advice for your peers about the best way to conduct a SOAR trial or POC? How do you conduct a trial effectively? What should be taken into consideration and are there any mis...
1 Answer
Ertugrul Akbas
Manager at a computer software company with 11-50 employees
Sep 13 2021
Hot data is necessary for live security monitoring. Archive data (cold data) is not available quickly. It takes days to make archive data live if the archive data time frame is more than 30 days (in most SIEM solutions). As an example, SolarWinds said the attackers first compromised its...
reviewer1469436: We changed our model to be able to cover such critical long-term cases. We…
1 Answer
Chiheb Chebbi
Defender with 501-1,000 employees
Sep 03 2021

Hi community, 

When one writes detection rules for SIEM solutions, what are the criteria of a good detection rule? 

Can you share any examples?

Thanks.

Shibu Babuchandran: @Chiheb Chebbi, I hope the below test cases are helpful. Test 1 - Recon: …
3 Answers
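The criteria the question asks about are easiest to see on a concrete rule. The following is an added example written for this page, not code from any of the answers above or from any SIEM vendor: a recon (port-sweep) detection rule that states its trigger condition explicitly, exposes its threshold and time window as parameters, suppresses an authorised scanner via an allow-list, attaches evidence to every alert, and ships with its own true-positive and true-negative test cases. The log lines, IP addresses and the allow-listed scanner are all constructed for the example.

```python
"""Added example: a SIEM-style recon detection rule with built-in test cases.

Illustrative code written for this page; the rule logic, the key=value log
format and every IP address below are constructed, not taken from a real
network or from any vendor's rule language.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: an authorised vulnerability scanner that must not raise this alert.
AUTHORISED_SCANNERS = frozenset({"10.0.0.250"})


def _event(ts, src, dst, dport, action="deny"):
    """Render one constructed firewall-style event in key=value form."""
    return f"{ts.strftime('%Y-%m-%dT%H:%M:%SZ')} src={src} dst={dst} dport={dport} action={action}"


_T0 = datetime(2021, 9, 3, 10, 0, 0)
SAMPLE_LOGS = (
    # 1. one host sweeping 16 distinct ports on one target in 16 seconds (the recon case)
    [_event(_T0 + timedelta(seconds=i), "10.0.0.5", "10.0.1.20", 20 + i) for i in range(16)]
    # 2. an ordinary client talking to 80/443 repeatedly (must not alert)
    + [_event(_T0 + timedelta(seconds=i), "10.0.0.7", "10.0.1.20", 443 if i % 2 else 80, "allow")
       for i in range(30)]
    # 3. the authorised scanner doing the same sweep (suppressed by the allow-list)
    + [_event(_T0 + timedelta(seconds=i), "10.0.0.250", "10.0.1.30", 20 + i) for i in range(16)]
)


def parse_line(line):
    """Parse '<iso-timestamp> k=v k=v ...' into a dict with typed fields."""
    ts, *kvs = line.split()
    f = dict(kv.split("=", 1) for kv in kvs)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "src": f["src"],
            "dst": f["dst"], "dport": int(f["dport"]), "action": f["action"]}


def detect_port_sweep(events, threshold=10, window=timedelta(seconds=60), allowlist=frozenset()):
    """Alert when one source touches >= `threshold` distinct destination ports on one
    destination within `window`. Emits at most one alert per (src, dst) pair, with
    the evidence (time span and port list) an analyst needs to triage it."""
    by_pair = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["src"] in allowlist:          # tuning knob: known-good scanners
            continue
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = []
    for (src, dst), evs in by_pair.items():
        start = 0
        for end in range(len(evs)):        # sliding time window over sorted events
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= threshold:
                alerts.append({"rule": "recon_port_sweep", "src": src, "dst": dst,
                               "first_seen": evs[start]["ts"].isoformat(),
                               "last_seen": evs[end]["ts"].isoformat(),
                               "distinct_ports": sorted(ports)})
                break                      # de-duplicate: one alert per pair
    return alerts


def run_test_cases():
    """The rule's own acceptance tests; each entry should be True before the rule ships."""
    events = [parse_line(line) for line in SAMPLE_LOGS]
    alerts = detect_port_sweep(events, allowlist=AUTHORISED_SCANNERS)
    srcs = {a["src"] for a in alerts}
    return {
        "recon_true_positive": "10.0.0.5" in srcs,
        "normal_client_true_negative": "10.0.0.7" not in srcs,
        "authorised_scanner_suppressed": "10.0.0.250" not in srcs,
        "one_alert_per_source_target": len(alerts) == 1,
    }


if __name__ == "__main__":
    for name, ok in run_test_cases().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

Each of the four test cases maps to one of the criteria: the rule fires on the behaviour it claims to detect, stays silent on ordinary traffic, honours its tuning (allow-list, threshold, window), and does not flood the queue with duplicates. Rerunning `run_test_cases()` after every threshold or window change is the cheapest way to keep a rule honest as the environment drifts.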
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Sep 08 2021
Hi community, We would like to hear your insights on the latest trends in SOC. What are you seeing in the field or forecasting? Please share your opinion on how these trends are going to influence the future of the relevant solutions, tools, etc. used in SOC. Looking forward to hearing your...
John Rendy: Evgeny, My personal experience tells me that SOC will be driven by…
2 Answers
William Milton
User at VAE-MARMARA8

Hi, I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.

Can anyone help with insights?

Rony_Sklar
PeerSpot (formerly IT Central Station)
Sep 22 2021

Hi dear community,

Can you explain what an incident response playbook is and the role it plays in SOAR? How do you build an incident response playbook? 

Do SOAR solutions come with a pre-defined playbook as a starting point?

Maged Magdy: Hi, what is an incident response playbook? An Incident Response Playbook is the…
Robert Cheruiyot: Hi Rony, A playbook automates the gathering of threat intelligence from a…
David Swift: Incident Response playbooks detail how to act when a threat or incident occurs…
4 Answers
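To make the question concrete, here is an added example of what a playbook looks like once it is code rather than a document. It is written for this page and is not taken from any of the answers above or from any SOAR product: a phishing-triage playbook whose steps extract indicators from a reported email, enrich them against threat intelligence, reach a verdict, and then split the response into actions that run automatically and actions that wait for analyst approval. The threat-intelligence set, the alerts and the `.test` domains are constructed for the example; a real SOAR platform would back the enrichment step with an integration rather than an in-memory set.

```python
"""Added example: a phishing-triage incident response playbook as executable steps.

Illustrative code for this page only. The intel set, the alerts and every
domain/address below are constructed (.test is a reserved TLD), and the
step functions stand in for the integrations a SOAR platform would call.
"""
import re
from dataclasses import dataclass, field

# Constructed threat-intelligence feed, standing in for a TI integration.
MALICIOUS_DOMAINS = frozenset({"login-verify-example.test"})
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


@dataclass
class Case:
    """Everything the playbook learns and decides about one alert, with an audit trail."""
    alert: dict
    indicators: list = field(default_factory=list)   # (kind, value) pairs
    hits: list = field(default_factory=list)         # indicators matched by intel
    verdict: str = "undetermined"
    auto_actions: list = field(default_factory=list)
    pending_approval: list = field(default_factory=list)
    audit: list = field(default_factory=list)


def step_extract(case, intel):
    """Pull the sender domain and every URL host out of the reported message."""
    sender_domain = case.alert["sender"].rsplit("@", 1)[1].lower()
    case.indicators.append(("domain", sender_domain))
    for m in URL_HOST_RE.finditer(case.alert["body"]):
        case.indicators.append(("domain", m.group(1).lower()))
    case.audit.append(f"extract: {len(case.indicators)} indicators")


def step_enrich(case, intel):
    """Look each indicator up in threat intelligence (here: the constructed set)."""
    case.hits = [i for i in case.indicators if i[1] in intel]
    case.audit.append(f"enrich: {len(case.hits)} malicious hits")


def step_decide(case, intel):
    """Turn enrichment into a verdict; an analyst can override this later."""
    case.verdict = "malicious" if case.hits else "benign"
    case.audit.append(f"decide: {case.verdict}")


def step_respond(case, intel):
    """Reversible containment runs automatically; disruptive actions need approval."""
    if case.verdict != "malicious":
        case.auto_actions.append("close_case_and_notify_reporter")
    else:
        case.auto_actions += ["quarantine_message", f"block_sender:{case.alert['sender']}"]
        if case.alert.get("user_clicked"):
            case.pending_approval.append(f"reset_credentials:{case.alert['recipient']}")
    case.audit.append(f"respond: {len(case.auto_actions)} auto, "
                      f"{len(case.pending_approval)} awaiting approval")


# The playbook is the ordered list of steps; each step sees the same Case.
PHISHING_PLAYBOOK = [step_extract, step_enrich, step_decide, step_respond]


def run_playbook(alert, intel=MALICIOUS_DOMAINS, playbook=PHISHING_PLAYBOOK):
    case = Case(alert=dict(alert))
    for step in playbook:
        step(case, intel)
    return case


# Constructed alerts, as a mail-security integration might hand them to the SOAR.
PHISHING_ALERT = {
    "sender": "it-support@login-verify-example.test",
    "recipient": "alice@corp.test",
    "body": "Your password expires today, renew at https://login-verify-example.test/renew",
    "user_clicked": True,
}
BENIGN_ALERT = {
    "sender": "newsletter@vendor-example.test",
    "recipient": "bob@corp.test",
    "body": "This month's release notes: https://vendor-example.test/notes",
    "user_clicked": False,
}

if __name__ == "__main__":
    for a in (PHISHING_ALERT, BENIGN_ALERT):
        c = run_playbook(a)
        print(c.verdict, c.auto_actions, c.pending_approval, c.audit)
```

Two design choices carry over to any real playbook: the split between `auto_actions` (quarantine, sender block) and `pending_approval` (credential reset), because the former are cheap to reverse and the latter lock a user out, and the `audit` trail, which is what lets a reviewer reconstruct why the automation did what it did. Vendor-supplied starter playbooks typically have this same shape, with the enrichment and response steps bound to the platform's integrations.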
Rony_Sklar
PeerSpot (formerly IT Central Station)
Aug 31 2021
SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security? If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commo...
reviewer1510752: SIEM involves the collection, correlation and aggregation of security logs and…
Marcus Gaither: What is SIEM? Firewalls, network appliances, and intrusion detection systems…
Hasan Zuberi (HZ): It's not easy to understand the key differences when looking at SOAR vs. SIEM…
8 Answers
Ariel Lindenfeld
Sr. Director of Community
PeerSpot (formerly IT Central Station)