Articles tagged with: #soar
Is the SOC tech stack missing a management layer between the SIEM and SOAR?


For [Blue|Purple] Teams in Cyber Defence www.reddit.com

I've been thinking a lot about where the SOC tech stack is headed, especially with all the noise around "AI-powered SOCs." Here's my current hypothesis, and I'd love to hear others' thoughts: Most SOCs today are fragmented. Alerts live in the SIEM. Automations live in the SOAR. Incidents live in Jira or ServiceNow. Knowledge lives in wikis or docs. That fragmentation kills context and consistency, which are the exact ingredients AI and automation need to actually perform well. I believe the next...

Moved to Vienna with 2 years of cybersecurity experience (Fortune 500 background) but keep getting rejected - any advice or English-speaking companies?


cybersecurity www.reddit.com

Hey everyone, I've been working in cybersecurity for about 2 years, mainly as a Security Analyst in Fortune 500 companies. My background includes SOC operations, vulnerability management, SOAR, etc. I hold a CompTIA Security+ certification, have completed a CCNA course, and recently finished an ISO 27001 Lead Auditor training. I'm also an EU citizen, so I don't need any visa sponsorship or work permit. A few months ago I moved to Vienna, Austria, hoping to continue my cybersecurity career...

I'm confused about whether I should still practice writing code from scratch.


cybersecurity www.reddit.com

I have been working in Splunk SOAR lately, which involves working with APIs, Python, and JSON mostly. I work on creating new actions in the app provided by Splunk, which involves modifying Python and JSON code, for which I rely on Claude as it saves time and gives me, most of the time, exactly what I was looking for. I sometimes feel like I am not learning any new Python coding skills as such, but learning how to develop workflows for automation via SOAR. Is this what everyone working in SOAR...

Which SOAR do you use in your day-to-day work?


cybersecurity www.reddit.com

I'd like to know: at the companies where you work, which SOAR do you use? Do you prefer a cloud, hybrid or on-premises solution? In Brazil, which SOAR should someone just starting out in information security dedicate themselves to learning? submitted by /u/Gabriel_Cinzao

Is Google Chronicle SOAR really that obscure?


cybersecurity www.reddit.com

I was learning to use Shuffle, but at my job people want to open a position to manage Google Chronicle SOAR. That raised a few questions for me: Why is it that for everyone who talks about this SOAR from Google, a logo reading "SiemplifyCloud" appears at the top left of the web application? Shouldn't it say "Google Chronicle"? Whenever I see English speakers on YouTube talk about this SOAR, they show items in it called "playbooks", but in information security I learned...

Fusion SOAR Workflows - device events


CrowdStrike www.reddit.com

Hello, Given the recent introduction of Fusion SOAR support for triggers related to Device Control, including the event "file written to removable storage," is it possible to have an example of how to receive an alert in the event of mass file copying between endpoints and removable devices? Perhaps u/Andrew-CS can help. Thank you. submitted by /u/f0rt7

Re-Writing the Playbook - A detection-driven approach to Incident Response


Detect FYI - Medium detect.fyi

When was the last time you looked at one of your incident response playbooks? "Playbooks" is one of those terms that gets used in a lot of different contexts within cybersecurity. It's an amorphous word that shifts and changes depending on the audience - if you're talking to an engineer, they might think of a SOAR automation. If you talk to a CISO, security manager or cyber insurer, you might think of a 180-page...

Help a bit with a project idea


cybersecurity www.reddit.com

Hi guys! Our pen testing department has a SIEM. We have an idea to build a SOAR (an orchestrator) from scratch. So we need to parse the logs from the SIEM and take action when something is going on. Or, for example, to detect if someone is scanning ports or brute forcing, and block their IP. Do you have any ideas about the technology stack and how we should do it, please? submitted by /u/darkn3ss98

SOAR Workflow Actions - webhook


CrowdStrike www.reddit.com

Hello, Is there a way to incorporate JSON payloads into the webhook card? I want to format my Slack alerts using the Slack Block Kit Builder but I can't figure out what/where I need to be. Any tips/guides? Googling has not returned any useful information. The docs haven't been helpful either, unless I'm looking in the wrong spot. Thanks submitted by /u/lmay0000

SOAR Workflow - Access from IP with bad reputation


CrowdStrike www.reddit.com

Hoping someone can help. I'm looking to set up a workflow to revoke MS Entra sessions and MFA tokens for users that have identity detections of "Access from IP with bad reputation". This can be done within SOAR Workflows; I'm just hoping someone can explain the difference between the Source endpoint IP reputation values "Anonymous active, Anonymous suspect, Anonymous inactive, Anonymous private". I cannot find anything that references these in the official documentation. submitted by /u/JDK-Ruler

SOAR Workflow - Missing Trigger


CrowdStrike www.reddit.com

Does anyone know what the new workflow trigger is that replaces the event AssetManagement/NewManagedAsset? I am not seeing anything close to this. submitted by /u/MSP-IT-Simplified