How SOCAutomation Works

The SOCAutomation platform seamlessly plugs into all SIEMs and rapidly adds the much needed context to incidents, making the security analysts job far ‘slicker’ by delivering knowledge to his/her fingertips, while continuously automating laborious tasks.

1. Detection

Allowing ‘undampened’ alarms increases ROI on detection investment, and greatly increases threat visibility.

Alarm Detection Systems

High Volume Threat Data (Unfiltered)

Number of High Priority Alerts

2. Triage

This section takes a SOC analyst hours, days, or weeks, so typically is not done or is incomplete. SOCAutomation performs this in seconds.


Business Context

  • Asset Information

  • Asset Owners

  • Managed by/ Remediator

  • Asset Gravity (Importance)

  • Stakeholders

Security Context

  • Endpoint Research

  • Threat Intel Lookups

  • CVE/Vulnerability Checks

  • Patch/KB Lookups

  • Regulatory Compliance


Business Integration

  • Built-in

  • AFS (Automated Feedback Service)

  • CSV

  • VA Scanner Data (Nessus, Qualys, etc.)

  • GRC


Prioritisation

  • Auto-Triage

  • Business Gravity

  • SLA Routing


Number of High Priority Alerts

3. Automation

Automate at all levels of the security incident lifecycle

of incidents filtered and audited with KPI’s and ongoing trend analysis

of incidents automatically triaged with KPI’s and trend analysis

of incidents need further investigation and response

Number of High Priority Alerts

4. Operations

Security teams can focus on actionable incidents


  • SOC Processes and Security Team

  • Ticketing/ Workflow

  • KPI and Management View


How This Helps Your Team