General
November 13, 2020

Make better ROI on your SOAR implementations – Document your process first – then selectively automate

By venkat

First – We compliment a SOAR solution. Our approach is to first design all your playbooks on Kanban boards, know the tasks well, profile them and run them manually. Then selectively move to automation using your selected SOAR solution.

Advantages

  • Easy for analysts to quickly build the playbooks in simple visual interface.
  • Easy for analysts to remember the tasks and build muscle memory required during an actual incident and hour of crisis.
  • Will help to avoid a tight lock-in with your SOAR vendor and you can easily prototype with multiple vendors.

Playbook development workflow

Below is a proposed workflow of a Playbook as we have observed working with enterprises and critical infrastructure companies

  • Step 1 – Playbook designed and manually tested on FlexibleIR kanban boards.
  • Step 2 – Continuous playbook evolution & move to state-of-art on FlexibleIR kanban boards
  • Step 3 – Playbook built, automated & deployed on any SOAR solution.

About The Author

Venkat is founder of FlexibleIR. He brings 20 years of experience in building tools and products at Sun Microsystems, Intel, Novell, HP, Yahoo,Tesco and startups. He has developed test suites and frameworks for post silicon validation of the Xeon processor family (Fuzzing). He has worked deeply on UFS files system at SUN Microsystem. Was a security paranoid at Yahoo.

Leave a Reply