
Splunk SOAR Explained - What is Splunk SOAR?

Episode 1


Video Summary

This video introduces the concept of Splunk SOAR (Security Orchestration, Automation, and Response), focusing on how security automation removes the need for human interaction in key stages of cybersecurity operations. SOAR allows machines to handle the detection, investigation, and response to security threats, automating tasks that would typically be performed by analysts. This automation includes threat detection, triaging, and action execution, which helps analysts focus on more critical tasks. Security orchestration, another key feature of SOAR, involves the coordination of interdependent security actions across various systems, ensuring all tools are integrated and workflows are automated.

Additionally, the video covers the role of security response within SOAR, providing a unified dashboard that allows security analysts to manage threats from detection through to resolution. SOAR streamlines this process through case management, consolidating events from multiple sources and enabling seamless handling of incidents. The technology supports integration with a range of security tools, simplifying the overall security operations. Finally, the video positions Splunk SOAR within the "decide" and "act" phases of the OODA (Observe, Orient, Decide, Act) model, where it helps organisations automate decision-making and response actions, boosting efficiency and improving their security posture.

Additionally, the video explores the different types of streams, including metadata, packet, and ephemeral streams, and demonstrates how these are managed through the Splunk Stream app's dashboard. This interface allows users to configure streams, view inputs, and adjust settings such as indexes and protocols.

Additional Resources

Who are Somerford?

We are a passionate group of people delivering innovation to our customers on their digital transformation journey.

Splunk Edge Hub

Effortlessly streamline the process of integrating your data with the Splunk Edge Hub.

Splunk Security Solutions

Utilise Splunk's suite of security solutions designed to provide unified and robust defence against cyber threats.

Get in Touch to Learn More

With specialist knowledge, skills and experience derived from supporting a broad range of FTSE 100, FTSE 250 and smaller companies, Somerford Associates have a strong reputation for enabling digital transformation at scale, at pace and in budget.