I understand there is a way to create a case and assign to someone when an alert is triggered. But SOAR means automatic remediation. The documentation says 'Easily automate your team’s security incident response with Elastic SOAR — ready for download or hosted in Elastic Cloud.'
But I am unable to see how to automate case creation or auto-remediate. Can someone help clarify?
Natively, Elastic Security has SOAR capabilities with Responder and playbooks associated with detection alerts. I haven't tested it yet; however, I believe its orchestration and automation sprawl can best be leveraged with third-party solutions like TheHive, ServiceNow... It's worth taking a look and exploring the native features and integrations. Here are some interesting links: