Hope you all enjoyed today's session - I love seeing this end of the chain; as Ben said on the EMEA session, this is the 'fun' bit where everything we've learnt so far comes together!
Here are links to a few resources that we mentioned today:
And here's a link to an article comparing SIEM to MTR - building on what Kris spoke to in our session this afternoon. https://partnernews.sophos.com/en-us/2020/02/products/mtr-or-siem/
Anything else you need, let us know in the comments below!
Hi Nick, I made a note about something Ben around SAAW (think that's spelt correctly) wanted to do some further research on this. Do you guys have any links or further detail that you could share? Thanks
So many acronyms, SOAR - Security Orchestration Automation and Response.
The best example of SOAR is "The Hive Project" (https://thehive-project.org/). It's easy to get up and running, and using respondents you can get a security event and automate the response based on the type of event that you're dealing with.