How SOCAutomation Works

The SOCAutomation platform plugs into existing SIEMs and rapidly adds the context incidents are missing, putting the knowledge a security analyst needs at their fingertips while continuously automating laborious tasks.

1. Detection

Passing ‘undampened’ alarms through, rather than suppressing them at the detection layer, increases the return on detection investment and greatly increases threat visibility.

[Diagram labels: Alarm Detection Systems; High Volume Threat Data (Unfiltered)]

2. Triage

Done by hand, this stage takes a SOC analyst hours, days or weeks, so it is typically skipped or left incomplete. SOCAutomation performs it in seconds.

Business Context

  • Asset Information
  • Asset Owners
  • Managed by/ Remediator
  • Asset Gravity (Importance)
  • Stakeholders

Security Context

  • Endpoint Research
  • Threat Intel Lookups
  • CVE/Vulnerability Checks
  • Patch/KB Lookups
  • Regulatory Compliance

Business Integration

  • Built-in
  • AFS (Automated Feedback Service)
  • CSV
  • VA Scanner Data (Nessus, Qualys, etc.)
  • GRC


  • Auto-Triage
  • Business Gravity
  • SLA Routing
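One way the triage stage above can be implemented, as an added example that is not SOCAutomation's own code: a SIEM alert is joined with business context (asset owner, remediator, gravity, regulatory scope), with security context (a threat intel lookup on the remote address and the asset's unpatched CVEs from VA scanner data), scored, given a priority and routed to a queue with an SLA. The asset inventory, threat intel indicators, VA findings, SLA table and the sample alerts are all constructed stand-ins for the feeds named under Business Integration; the scoring weights and priority thresholds are assumptions for illustration. An asset missing from inventory is handled explicitly, since that is the gap an analyst would otherwise chase by hand.

```python
"""Alert enrichment and auto-triage: added example, not SOCAutomation's code.
Every data source below is constructed inline; a real deployment would read
them from a CMDB/GRC feed, a TI platform and a VA scanner (Nessus, Qualys, etc.).
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed business context, keyed by asset IP (what a CMDB/GRC feed would supply).
ASSETS = {
    "10.0.1.5": {"hostname": "erp-db01", "owner": "finance-it", "remediator": "dba-oncall",
                 "gravity": 5, "compliance": ["PCI-DSS"]},
    "10.0.2.17": {"hostname": "dev-ws42", "owner": "eng-platform", "remediator": "desktop-support",
                  "gravity": 2, "compliance": []},
}
# Constructed security context: a TI indicator (TEST-NET-2 address) and VA scanner findings.
THREAT_INTEL = {"198.51.100.23": "constructed C2 indicator"}
VA_FINDINGS = {"erp-db01": [{"cve": "CVE-2021-44228", "patched": False}],
               "dev-ws42": [{"cve": "CVE-2021-44228", "patched": True}]}
# Constructed SLA routing table: priority -> (queue, response SLA in minutes).
SLA_ROUTING = {"P1": ("soc-tier2", 15), "P2": ("soc-tier2", 60),
               "P3": ("soc-tier1", 240), "P4": ("soc-tier1", 1440)}


@dataclass
class Incident:
    alert_id: str
    hostname: Optional[str]
    notify: List[str]          # asset owner and remediator to be told
    intel_hits: List[str]
    open_cves: List[str]
    score: int
    priority: str
    queue: str
    sla_minutes: int
    notes: List[str] = field(default_factory=list)


def business_context(host_ip):
    """Asset lookup. An unknown asset gets a conservative default gravity and a note
    rather than silently dropping to the lowest priority."""
    asset = ASSETS.get(host_ip)
    if asset is None:
        return ({"hostname": None, "owner": "unknown", "remediator": "soc-tier1",
                 "gravity": 3, "compliance": []},
                [f"{host_ip} not in asset inventory: owner lookup required"])
    return asset, []


def security_context(alert, asset):
    """TI lookup on the remote address; unpatched CVEs on the asset from VA data."""
    remote = alert["remote_ip"]
    intel = [f"{remote}: {THREAT_INTEL[remote]}"] if remote in THREAT_INTEL else []
    cves = [f["cve"] for f in VA_FINDINGS.get(asset["hostname"], []) if not f["patched"]]
    return intel, cves


def score_incident(severity, asset, intel, cves):
    """Detection severity (1-5) plus asset gravity (1-5), raised by a TI match,
    an unpatched CVE on the host, and regulated scope. Weights are assumptions."""
    score = severity + asset["gravity"]
    score += 3 if intel else 0
    score += 2 if cves else 0
    score += 1 if asset["compliance"] else 0
    return score


def priority_for(score):
    """Assumed thresholds mapping the score onto P1..P4."""
    return "P1" if score >= 11 else "P2" if score >= 8 else "P3" if score >= 5 else "P4"


def triage(alert):
    asset, notes = business_context(alert["host_ip"])
    intel, cves = security_context(alert, asset)
    score = score_incident(alert["severity"], asset, intel, cves)
    priority = priority_for(score)
    queue, sla = SLA_ROUTING[priority]
    return Incident(alert["id"], asset["hostname"], [asset["owner"], asset["remediator"]],
                    intel, cves, score, priority, queue, sla, notes)


# Constructed SIEM alerts; severity is on a 1-5 scale.
SAMPLE_ALERTS = [
    {"id": "A-1001", "rule": "outbound beacon", "severity": 3,
     "host_ip": "10.0.1.5", "remote_ip": "198.51.100.23"},
    {"id": "A-1002", "rule": "outbound beacon", "severity": 3,
     "host_ip": "10.0.2.17", "remote_ip": "203.0.113.8"},
    {"id": "A-1003", "rule": "failed logins", "severity": 1,
     "host_ip": "10.0.9.99", "remote_ip": "203.0.113.9"},
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        inc = triage(a)
        print(f"{inc.alert_id}: {inc.priority} -> {inc.queue} ({inc.sla_minutes} min) "
              f"notify={inc.notify} score={inc.score} intel={inc.intel_hits} "
              f"cves={inc.open_cves} notes={inc.notes}")
```

The same beacon rule fires on two hosts with the same detection severity, but the PCI-scoped database with an unpatched CVE talking to a known-bad address lands in the tier 2 queue with a 15-minute SLA, while the developer workstation stays in tier 1. That difference is what the Business Gravity and SLA Routing outputs above are for, and the unknown-asset note is the item that would otherwise cost an analyst the lookup time.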

3. Automation

Automate at all levels of the security incident lifecycle


[Funnel diagram: incidents filtered and audited with KPIs and ongoing trend analysis; incidents automatically triaged with KPIs and trend analysis; incidents needing further investigation and response; Number of High Priority Alerts]


4. Operations

Security teams can focus on actionable incidents

  • SOC Processes and Security Team

  • Ticketing/ Workflow

  • KPI and Management View

How This Helps Your Team