Team Lead for Global Security at a non-tech company with 201-500 employees
Real User
2022-10-18T15:37:09Z
Oct 18, 2022
We use this solution for automated orchestration within our environment. Specifically, for us that is privilege escalation detections and malware detections that we want to have investigated.
We primarily use the solution for SIEM alert triage automation and MITRE detection playbooks. We have hundreds of alerts from various detection tools fed into our SIEM. Correlation within the SIEM is difficult for us since our SIEM only supports simple filtering and one level of data-source correlation. Managing and updating correlation rules is a pain. We are now propagating alerts fed into the SIEM directly to LogicHub via a webhook. Within LogicHub, we have playbooks that automatically enrich the alerts, baseline-check them, risk-weigh and score them, and then stack-rank the riskiest and most impactful ones to be escalated into a case so our analyst can be the human in the loop before we fire off any automated response.
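The triage flow this reviewer describes (webhook intake, enrichment, baseline check, risk scoring, stack ranking, human-reviewed case creation) can be sketched end to end in a few functions. The following is an added example written for this page; it is not LogicHub's code or the reviewer's playbook. The alert payload, the asset criticality table, the 30-day baseline counts, the field names and the scoring weights are all constructed assumptions chosen to make the ranking visible.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample payload, as a SIEM webhook might deliver it (field names are hypothetical).
ALERTS: List[Dict] = [
    {"id": "a1", "host": "hr-laptop-07", "user": "jdoe", "rule": "T1068 privilege escalation", "severity": "high"},
    {"id": "a2", "host": "build-srv-01", "user": "svc_ci", "rule": "T1059 scripting interpreter", "severity": "medium"},
    {"id": "a3", "host": "dc-01", "user": "admin", "rule": "T1003 credential dumping", "severity": "high"},
    {"id": "a4", "host": "hr-laptop-07", "user": "jdoe", "rule": "T1110 failed logon burst", "severity": "low"},
]

# Constructed enrichment table: asset criticality tier (1 = workstation, 3 = domain controller).
ASSET_CRITICALITY: Dict[str, int] = {"dc-01": 3, "build-srv-01": 2, "hr-laptop-07": 1}

# Constructed 30-day baseline: how often each (host, rule) pair has fired before.
BASELINE_30D: Dict[Tuple[str, str], int] = {
    ("build-srv-01", "T1059 scripting interpreter"): 120,  # CI box runs scripts all day
    ("hr-laptop-07", "T1110 failed logon burst"): 40,      # this user mistypes passwords often
}
NOVELTY_THRESHOLD = 5  # fewer prior firings than this counts as new behaviour for the host
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Case:
    alert_id: str
    score: int
    reasons: List[str] = field(default_factory=list)
    # Cases wait for an analyst; nothing here triggers an automated response.
    status: str = "awaiting_analyst_review"


def enrich(alert: Dict) -> Dict:
    """Attach asset criticality; unknown hosts default to the lowest tier."""
    out = dict(alert)
    out["criticality"] = ASSET_CRITICALITY.get(alert["host"], 1)
    return out


def is_novel(alert: Dict) -> bool:
    """Baseline check: has this rule rarely or never fired on this host before?"""
    return BASELINE_30D.get((alert["host"], alert["rule"]), 0) < NOVELTY_THRESHOLD


def score(alert: Dict, batch: List[Dict]) -> Tuple[int, List[str]]:
    """Risk weight = severity x asset criticality, plus bonuses for novelty
    and for other alerts on the same host in the same batch."""
    reasons = []
    s = SEVERITY_WEIGHT[alert["severity"]] * alert["criticality"]
    reasons.append(f"severity x criticality = {s}")
    if is_novel(alert):
        s += 2
        reasons.append("outside 30-day baseline for this host/rule (+2)")
    related = sum(1 for a in batch if a["host"] == alert["host"] and a["id"] != alert["id"])
    if related:
        s += related
        reasons.append(f"{related} related alert(s) on the same host (+{related})")
    return s, reasons


def triage(alerts: List[Dict], top_n: int = 2) -> List[Case]:
    """Enrich, score, stack-rank, and open cases for the top_n riskiest alerts."""
    enriched = [enrich(a) for a in alerts]
    cases = []
    for a in enriched:
        s, why = score(a, enriched)
        cases.append(Case(alert_id=a["id"], score=s, reasons=why))
    cases.sort(key=lambda c: c.score, reverse=True)  # stable sort keeps input order on ties
    return cases[:top_n]


if __name__ == "__main__":
    for case in triage(ALERTS):
        print(case.alert_id, case.score, case.status, "; ".join(case.reasons))
```

With the constructed data, the credential-dumping alert on the domain controller ranks first and the privilege-escalation alert on the laptop second (it gains points for being new to that host and for a second alert on the same machine), while the noisy CI-server scripting alert, which matches its baseline, drops below the escalation cut-off. The `reasons` list is what an analyst sees when the case lands in front of them, which is the point of keeping the human in the loop.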