How SOCAutomation Works

The SOCAutomation platform plugs seamlessly into any SIEM and rapidly adds much-needed context to incidents, making the security analyst's job far ‘slicker’ by putting knowledge at their fingertips while continuously automating laborious tasks.

1. Detection

Allowing ‘undampened’ alarms through increases the ROI on detection investment and greatly increases threat visibility.

Alarm Detection Systems → High Volume Threat Data (Unfiltered)

2. Triage

This step takes a SOC analyst hours, days, or weeks, so it is typically skipped or left incomplete. SOCAutomation performs it in seconds.

Business Context

  • Asset Information
  • Asset Owners
  • Managed by / Remediator
  • Asset Gravity (Importance)
  • Stakeholders

Security Context

  • Endpoint Research
  • Threat Intel Lookups
  • CVE/Vulnerability Checks
  • Patch/KB Lookups
  • Regulatory Compliance


Business Integration

  • Built-in
  • AFS (Automated Feedback Service)
  • CSV
  • VA Scanner Data (Nessus, Qualys, etc.)
  • GRC


Prioritisation

  • Auto-Triage
  • Business Gravity
  • SLA Routing


3. Automation

Automate at all levels of the security incident lifecycle

  • 879 incidents filtered and audited, with KPIs and ongoing trend analysis
  • 124 incidents automatically triaged, with KPIs and trend analysis
  • 7 incidents need further investigation and response

Number of High Priority Alerts: 41
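As an added example (not SOCAutomation's own code), the Triage, Prioritisation and Automation flow above as a small Python pipeline: raw alarms are enriched with constructed business context (asset owner, remediator, gravity) and security context (threat intel, VA scanner CVE data), then auto-triaged by business gravity and routed with an SLA into the three funnel tiers. The asset inventory, intel verdicts, score threshold and SLA values are all assumptions.

```python
from dataclasses import dataclass

# Constructed business context (asset inventory) as a CSV/GRC integration would supply it.
# Gravity: 1 = low importance .. 5 = crown jewel. CVE ids are placeholders, not real CVEs.
ASSETS = {
    "10.0.1.5": {"name": "pay-db-01", "owner": "finance-it", "remediator": "dba-team",
                 "gravity": 5, "open_cves": {"CVE-PLACEHOLDER-1"}},
    "10.0.2.9": {"name": "kiosk-07", "owner": "facilities", "remediator": "desktop-team",
                 "gravity": 1, "open_cves": set()},
}
UNKNOWN_ASSET = {"name": "unknown", "owner": None, "remediator": "soc", "gravity": 3, "open_cves": set()}
# Constructed security context: threat-intel verdicts keyed by external IP.
THREAT_INTEL = {"203.0.113.7": "known-c2", "198.51.100.3": "benign-scanner"}
SLA = {"investigate": "1h", "auto_triaged": "24h", "filtered": None}   # assumed SLA routing table

@dataclass
class Alert:
    src_ip: str        # external source address
    dst_ip: str        # internal asset address
    severity: int      # 1..5 as emitted by the detection system
    cve: str = ""      # CVE the signature claims to exploit, if any

def enrich(alert: Alert) -> dict:
    """Triage step: attach business and security context to a raw, unfiltered alarm."""
    asset = ASSETS.get(alert.dst_ip, UNKNOWN_ASSET)
    return {
        "alert": alert, "asset": asset,
        "intel": THREAT_INTEL.get(alert.src_ip, "unknown"),
        # CVE/patch check: does VA scanner data confirm the target is actually vulnerable?
        "vuln_confirmed": bool(alert.cve and alert.cve in asset["open_cves"]),
    }

def prioritise(ctx: dict) -> dict:
    """Auto-triage: business gravity x severity decides the tier; SLA routing picks owner and SLA."""
    alert, asset = ctx["alert"], ctx["asset"]
    if ctx["intel"] == "benign-scanner" or (alert.cve and not ctx["vuln_confirmed"]):
        tier = "filtered"        # no exposure: keep for audit and KPIs only
    elif ctx["intel"] == "known-c2" or alert.severity * asset["gravity"] >= 15:
        tier = "investigate"     # human investigation and response required
    else:
        tier = "auto_triaged"    # ticket to the remediator, tracked in trend analysis
    route = None if tier == "filtered" else asset["remediator"]
    return {**ctx, "tier": tier, "sla": SLA[tier], "route_to": route}

def run_pipeline(alerts: list) -> dict:
    """Return the funnel counts per tier (filtered / auto-triaged / needs investigation)."""
    counts = {"filtered": 0, "auto_triaged": 0, "investigate": 0}
    for a in alerts:
        counts[prioritise(enrich(a))["tier"]] += 1
    return counts
```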

4. Operations

Security teams can focus on actionable incidents

  • SOC Processes and Security Team
  • Ticketing / Workflow
  • KPI and Management View

How This Helps Your Team