SOAR in Elastic

I understand there is a way to create a case and assign to someone when an alert is triggered. But SOAR means automatic remediation. The documentation says 'Easily automate your team’s security incident response with Elastic SOAR — ready for download or hosted in Elastic Cloud.'

But I am unable to see how to automate case creation or auto-remediate. Can someone help clarify?

What documentation are you referring to?

I believe most of the documentation refers to using third parties (like Tines) to do this.

Hi @searchwithme !

Natively, Elastic Security has SOAR capabilities with Responder and playbooks associated with detection alerts. I haven't tested it yet, however, I believe its orchestration and automation sprawl can best be leveraged with third-party solutions like TheHive, ServiceNow... It's worth taking a look and exploring the native features and integrations. Here are some interesting links:

I also want to learn how this SOAR works in Elastic Cloud?

In the links above, you have all the details of using Elastic's SOAR feature.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.