I understand there is a way to create a case and assign to someone when an alert is triggered. But SOAR means automatic remediation. The documentation says 'Easily automate your team’s security incident response with Elastic SOAR — ready for download or hosted in Elastic Cloud.'
but I am unable to see how to automate a case creation or auto remediate. can someone help clarify?
Natively, Elastic Security has SOAR capabilities with Responder and playbooks associated with detection alerts. I haven't tested it yet, however, I believe its orchestration and automation sprawl can best be leveraged with third-party solutions like TheHive, ServiceNow... It's worth taking a look and exploring the native features and integrations. Here are some interesting links: