Team Lead for Global Security at a non-tech company with 201-500 employees
Real User
Top 5
2022-10-18T15:37:09Z
Oct 18, 2022
We use this solution for automated orchestration within our environment. Specifically, for us that is privilege escalation detections and malware detections that we want to have investigated.
We primarily use the solution for SIEM alert triage automation and MITRE detection playbooks. We have hundreds of alerts from various detection tools fed into our SIEM. Correlation within the SIEM is difficult for us since our SIEM only supports simple filtering and one level of data-source correlation. Managing and updating correlation rules is a pain. We are now propagating alerts fed into the SIEM directly to LogicHub via a webhook. Within LogicHub, we have playbooks that automatically enrich the alerts, baseline-check them, risk-weigh and score them, and then stack-rank the riskiest and most impactful ones to be escalated into a case, so our analyst can be the human in the loop before we fire off any automated response.
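The pipeline the reviewer describes (webhook-fed alerts enriched, baseline-checked, risk-scored, stack-ranked, then escalated to a case for an analyst) sketched as an added Python example. This is not LogicHub code or the reviewer's playbook; the alerts, criticality table, baseline set, weights and threshold are all constructed for illustration.

```python
"""Toy model of a SIEM alert triage pipeline: enrich, baseline-check,
risk-score, stack-rank, escalate to a case for human review.
All data and weights below are constructed; this is not LogicHub code."""
from typing import Dict, List

# Constructed webhook payloads as a SIEM might forward them.
ALERTS: List[Dict] = [
    {"id": "a1", "rule": "privilege_escalation", "host": "db01", "user": "svc_backup", "severity": 8},
    {"id": "a2", "rule": "malware_detected", "host": "wks17", "user": "jdoe", "severity": 7},
    {"id": "a3", "rule": "privilege_escalation", "host": "build01", "user": "ci_runner", "severity": 8},
    {"id": "a4", "rule": "port_scan", "host": "wks22", "user": "mlee", "severity": 3},
]

# Constructed enrichment sources: asset criticality (0..1) and a baseline of
# (rule, host, user) combinations seen routinely over the last 30 days.
ASSET_CRITICALITY = {"db01": 1.0, "build01": 0.7, "wks17": 0.4, "wks22": 0.3}
BASELINE = {("privilege_escalation", "build01", "ci_runner")}
ESCALATE_THRESHOLD = 2.5  # constructed cut-off for opening a case


def enrich(alert: Dict) -> Dict:
    """Attach asset criticality and whether this activity matches the baseline."""
    out = dict(alert)
    out["criticality"] = ASSET_CRITICALITY.get(alert["host"], 0.5)
    out["baseline"] = (alert["rule"], alert["host"], alert["user"]) in BASELINE
    return out


def score(alert: Dict) -> float:
    """Risk = severity weighted by asset criticality; baselined activity is
    discounted heavily rather than dropped, so it stays visible in the ranking."""
    risk = alert["severity"] * alert["criticality"]
    if alert["baseline"]:
        risk *= 0.2
    return round(risk, 2)


def triage(alerts: List[Dict]) -> List[Dict]:
    """Return the alerts that should become cases, riskiest first.
    Nothing here takes a response action: that stays with the analyst."""
    scored = []
    for a in alerts:
        e = enrich(a)
        e["risk"] = score(e)
        scored.append(e)
    ranked = sorted(scored, key=lambda x: x["risk"], reverse=True)
    return [a for a in ranked if a["risk"] >= ESCALATE_THRESHOLD]


if __name__ == "__main__":
    for case in triage(ALERTS):
        print(f"{case['id']} {case['rule']} on {case['host']} risk={case['risk']} -> analyst review")
```

Note that a3 carries the same severity as a1 but is suppressed by the baseline discount, which is the effect the reviewer relies on to cut alert volume before anyone looks at it.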
What is a SOAR system? SOAR is an acronym for Security Orchestration, Automation, and Response. A SOAR platform consists of a group of security software tools that help organizations streamline, execute, and automate security tasks carried out by people and tools. SOAR solutions automate and coordinate workflows, including various security tools and human tasks. This enables a quicker response to attacks and the overall strengthening of the security posture.