Video Summary
This video explains how existing incident response playbooks can be digitised using Splunk SOAR to enhance automation and streamline workflows. It outlines two main approaches to playbook design: automated and workflow-oriented. The automated approach focuses on sending events to Splunk SOAR for enrichment and automatic task execution, while the workflow-oriented approach involves analysts interacting with the system and triggering playbooks as needed. By combining these approaches, organisations can optimise their incident response processes and improve efficiency.
The video also highlights the importance of planning for automation by identifying repeatable tasks, documenting processes, and designing compact playbooks that can be reused across different scenarios. The recommended I2A2 (Input, Interaction, Action, Artifact) methodology guides playbook design by defining the inputs a playbook receives, the systems it interacts with, the actions it takes, and the changes (artifacts) it leaves behind. By starting with the automation of simple tasks, organisations can gradually extend automation across more complex security use cases, enhancing both incident response and overall security posture.
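The summary above describes the I2A2 structure and the two playbook styles in the abstract. The following is an added, framework-neutral illustration of that structure; it is not code from the video or Splunk SOAR's own playbook API. The event shape, the threat-intel feed, the confidence threshold and the tag/note conventions are all constructed for the example. It shows one compact enrichment playbook whose four stages are separate functions, so the same playbook can be run fully automated over a batch of events or hand a single event back to an analyst when the verdict is not confident enough to act on.

```python
"""Model of an I2A2 (Input, Interaction, Action, Artifact) enrichment playbook.

Added illustration only: this is not Splunk SOAR's playbook API. The event
format, intel feed and thresholds below are constructed for the example.
"""
from dataclasses import dataclass, field

# Constructed threat-intel feed: indicator -> (verdict, confidence 0-100).
# In a real deployment the Interaction stage would query an external source.
INTEL = {
    "198.51.100.23": ("malicious", 95),
    "203.0.113.8": ("suspicious", 40),
}


@dataclass
class Event:
    """Input: the alert as it arrives from the SIEM (constructed shape)."""
    event_id: str
    src_ip: str
    severity: str = "low"
    tags: list = field(default_factory=list)
    notes: list = field(default_factory=list)


def interact_lookup(ip: str):
    """Interaction: look the indicator up in the intel source (a dict here)."""
    return INTEL.get(ip, ("unknown", 0))


def decide_action(verdict: str, confidence: int, auto_threshold: int = 90):
    """Action: return (action, automated).

    Fully automated only when the verdict is malicious with high confidence;
    anything suspicious but uncertain is routed to an analyst (the
    workflow-oriented path); unknown indicators are closed automatically.
    """
    if verdict == "malicious" and confidence >= auto_threshold:
        return "block", True
    if verdict in ("malicious", "suspicious"):
        return "review", False
    return "close", True


def enrich_event(event: Event, auto_threshold: int = 90) -> dict:
    """Compact, reusable playbook that runs the four I2A2 stages on one event."""
    verdict, confidence = interact_lookup(event.src_ip)
    action, automated = decide_action(verdict, confidence, auto_threshold)

    # Artifact: record what changed on the event so the analyst can see the
    # reasoning later, and raise severity in line with the decision.
    event.tags.append(f"intel:{verdict}")
    event.notes.append(
        f"{event.src_ip} -> {verdict} ({confidence}%), action={action}"
    )
    if action == "block":
        event.severity = "high"
    elif action == "review":
        event.severity = "medium"

    return {
        "event_id": event.event_id,
        "action": action,
        "automated": automated,
        "severity": event.severity,
    }


def run_playbook_batch(events):
    """Automated approach: apply the same compact playbook to every event."""
    return [enrich_event(e) for e in events]


if __name__ == "__main__":
    sample = [
        Event("evt-1", "198.51.100.23"),  # constructed: known-bad indicator
        Event("evt-2", "203.0.113.8"),    # constructed: low-confidence hit
        Event("evt-3", "192.0.2.1"),      # constructed: no intel at all
    ]
    for result in run_playbook_batch(sample):
        print(result)
```

Keeping the Interaction and Action stages as separate functions is what makes the playbook reusable: a phishing scenario and a network-alert scenario can share `interact_lookup` and `decide_action` while supplying different `Event` inputs, and the `auto_threshold` parameter is the single place where an organisation tunes how much it trusts the automation before an analyst is pulled in.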
Other Videos in this Series
Splunk SOAR Explained - Response 101
Episode 4
Additional Resources
Who are Somerford?
We are a passionate group of people delivering innovation to our customers on their digital transformation journey.
Splunk Edge Hub
Effortlessly streamline the process of integrating your data with the Splunk Edge Hub.
Splunk Security Solutions
Utilise Splunk's suite of security solutions, designed to provide unified and robust defence against cyber threats.
Get in Touch to Learn More
With specialist knowledge, skills and experience derived from supporting a broad range of FTSE 100, FTSE 250 and smaller companies, Somerford Associates have a strong reputation for enabling digital transformation at scale, at pace and on budget.