SOAR (Security Orchestration, Automation, and Response) 🟢 Protection
SOAR (Security Orchestration, Automation, and Response) is a category of platforms and tools designed to improve the management of cybersecurity operations.
Orchestration: integration and coordination of heterogeneous security tools, systems and processes (e.g. SIEM, EDR, threat intelligence) to centralise their operation.
Automation: Automated execution of repetitive or complex tasks (e.g. analysing alerts, blocking malicious IP addresses) via playbooks (predefined scenarios).
Response: Accelerated management of security incidents, from detection to resolution, using standardised procedures.