Automation rules in Agentic SOC orchestrate security systems and services through SOAR (Security Orchestration, Automation, and Response), enabling automated responses to alerts and incidents.
Background
Security experts spend significant time on routine tasks like security reviews and handling trojans and mining programs, limiting their focus on critical work such as network defense and security research.
SOAR automates daily security routines and accelerates incident response. This frees security experts to focus on advanced persistent threats (APTs). Routine processes documented as clear, executable standards in SOAR provide best practices for others.
Terms
Key concepts for automation rules:
|
Term |
Description |
|
playbook |
|
|
process |
|
|
component |
|
|
resource instance |
A specific resource within an external service. For example, if you use the MySQL component, you must specify which MySQL database to connect to. |
|
action |
A capability provided by a component. Each component supports multiple actions. For example, the terminal management component offers actions like disabling accounts, isolating networks, and sending notifications. |