Room link: https://tryhackme.com/room/soar
Created by: tryhackme, SecurityNomad, Aashir.Masood
“To defend against attacks, a SOC team relies on various security solutions, such as SIEM, EDR, firewalls, and threat intelligence platforms. They also communicate with IT and management teams as part of their processes. However, as threats grow more complex and advanced, SOC teams face challenges like alert fatigue, manual processes, too many disconnected tools, and difficulties in communication across teams. In this room, we will explore how the Security Orchestration, Automation, and Response (SOAR) tool overcomes these challenges for a SOC team.”
In Task 2, “Traditional SOC and Challenges”, THM covers the key capabilities of a SOC, including Monitoring and Detection, Recovery and Remediation, Threat Intelligence, and Communication. It also goes into detail about the challenges an analyst might face: alert fatigue, too many disconnected tools, manual processes, and talent shortage.

Task 3, “Overcoming SOC Challenges with SOAR”. “Security Orchestration, Automation, and Response (SOAR) is a tool that unifies all the security tools used in a SOC. With SOAR, SOC analysts do not need to switch between SIEM, EDR, Firewall, and other security tools for their investigations. They can operate all these tools within a single SOAR interface. Along with unifying the security tools, it also provides ticketing and case management features to the analysts, through which they can document, track, and resolve their incidents in a structured way.”

In the next task, THM brings up the importance of manual analysis when it comes to playbooks.

After this is a practical challenge, “Threat Intel Workflow Practical”.
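As an added illustration (my own code, not part of the room or THM's material) of the playbook idea from Tasks 3 and 4: a minimal Python playbook that enriches an alert's source IP against a constructed threat-intel table, automates the response only for high-confidence hits, and routes anything uncertain to a human analyst rather than acting blindly. The feed contents, confidence thresholds and action names are assumptions.

```python
from dataclasses import dataclass, field

# Constructed threat-intel lookup (RFC 5737 documentation addresses, not real IOCs):
# indicator -> (feed name, confidence 0-100). A real SOAR would query a TIP connector.
THREAT_INTEL = {
    "198.51.100.23": ("feed-a", 95),
    "203.0.113.7": ("feed-b", 40),
}

# Automation only takes blocking/isolation actions at or above this confidence (assumed).
AUTO_RESPONSE_THRESHOLD = 90


@dataclass
class Case:
    """Case-management record the playbook produces for the ticketing view."""
    alert_id: str
    indicator: str
    verdict: str
    actions: list = field(default_factory=list)
    needs_analyst: bool = False


def enrich(indicator: str):
    """Orchestration step: ask the intel source about one indicator."""
    return THREAT_INTEL.get(indicator)


def run_playbook(alert: dict) -> Case:
    """Enrich -> decide -> act, keeping a human in the loop for uncertain results."""
    case = Case(alert_id=alert["id"], indicator=alert["src_ip"], verdict="unknown")
    hit = enrich(alert["src_ip"])
    if hit is None:
        # No intel at all: automation cannot conclude, so open a ticket for triage.
        case.needs_analyst = True
        case.actions.append("ticket:assign-to-tier1")
        return case
    source, confidence = hit
    case.actions.append(f"enriched:{source}:{confidence}")
    if confidence >= AUTO_RESPONSE_THRESHOLD:
        case.verdict = "malicious"
        case.actions += ["firewall:block-src-ip", "edr:isolate-host", "ticket:close-auto"]
    else:
        # Low-confidence intel: mark suspicious and hand to an analyst for manual analysis.
        case.verdict = "suspicious"
        case.needs_analyst = True
        case.actions.append("ticket:assign-to-analyst")
    return case
```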