As someone responsible for managing Security Operations/Detection & Response, we utilize IBM Security QRadar SOAR every day. It is a robust tool that we have integrated with our SIEM, QRadar. This allows our analysts to send offenses to the SOAR platform which opens a single case management document and extracts data from the offense into the artifacts section (e.g. IP addresses, URLs, etc.). We have configured this with categories such as phishing, malware, etc. Each category includes incident response steps that the analysts follow to assist in gathering all information necessary. The platform can also be utilized to provide metrics.
September 11, 2023
You cant use sub-playbooks easily, view of dependency of modules are not visible, application library is limited.
April 7, 2023