Making the SOC more effective by enabling automation with better data presented at FutureConKansasCity 2020

by Alex Kirk

Summary: SOAR has been pitched to the industry as a way to resolve alert fatigue by automating common analyst workflows. Experience shows, however, that automation is only as good as the data that underlies it - so many people avoid SOAR because of the complexity of getting "ready" for it. This talk will discuss open source Zeek as an approach for simplifying the acquisition of network data that is directly applicable to SOAR, and its application through open source playbooks being released by Corelight.