Description
SecureVisio SOAR
The SecureVisio platform includes an advanced SOAR (Security Orchestration, Automation and Response) module. This allows you to implement security incident handling processes and procedures in accordance with industry best practices (including ISO 27035, NIST SP 800-61R2, ENISA, and Carnegie Mellon University). Each potential security incident created by the correlation mechanisms becomes part of a process whereby SecureVisio automatically enriches the data, tracks status, response, and handling times, escalates the incident, explores potential consequences, and provides scenarios for addressing each stage of the analysis and response process.
Advanced SOAR features
SecureVisio automatically assigns tasks to SOC team members based on defined parameters and the event context. The workflow follows scenarios customized for each stage of the incident handling process. Advanced SOAR features include:
- A graphic interface for creating scenarios;
- Action plans broken down into steps and stages;
- Interaction with end users, asking questions and making further steps contingent on the answers;
- Changing the scenario or jumping to another step based on the circumstances;
- Embedded, automatic, or automated system actions within scenarios;
- Multiple scenarios automatically applied depending on status, context, and incident/event parameters;
- Notification of service teams and resource and process owners based on defined parameters such as resource type, processes at risk, resource importance, incident/event priority;
- Notification when the incident/event status changes;
- Notification when the established response and service times are exceeded;
- Response and handling times dependent on incident/event priority.