Workflow automation (SOAR)
The workflow automation can be accessed by clicking on the modules shortcut on the left side of the main interface. This will present the default screen, which contains the example workflows provided. These basic workflows demonstrate some of the integrations that can be accomplished by using the various built-in apps available within the SOAR application.
The original idea behind the SIEM concept was to give the blue, or defending, team of an IT department a mechanism to collect logs and correlate events, making it possible to perform incident response and detect attacks as well as cover compliance requirements. SIEMs were also created to make the wall of noise presented by the various log sources more manageable in the environments for which they have been configured.
For many years, these types of solutions provided great visibility of the activities inside an environment and, by means of alerts and visualizations, allowed the teams in question to address items as they occurred as well as investigate items that were detected after the fact.
In today's environments, however, the log volumes and complexities in even the smallest of environments have reached the point where it is difficult, if not impossible, for the small teams tending to these environments to address all activity. A need was identified for the automation of all aspects of the cyber protection of environments. Out of this need, the concept of the SOAR was established.
To this end, SIEMonster has included bleeding-edge Shuffle SOAR technology that allows for the creation of workflows that integrate with applications that form part of the SIEMonster stack, as well as with external products that are often found in the cyber security toolsets deployed within the enterprise.
The current iteration of the SOAR component has the following features:
Simple workflow automation editor
Premade apps for a large number of security tools
An app creator for OpenAPI based integration
Easy to learn Python library for custom apps
Because the solution fully supports the OpenAPI architecture, direct access to over 11 000 APIs can be automated. A large number of these APIs can be reviewed at the following URL:
https://apis.guru/browse-apis/
This drastically reduces development time for new integrations and allows the efficiency of the teams to be optimized.