As the name suggests, SOAR orchestrates the devices from different vendors that you have in your network in order to automate processes and responses to specific events and threats. This is achieved by connecting to those devices through the APIs that the product vendors supply. In a typical environment, SOAR can be integrated…
Given the nature of a SOC, a SIEM implementation needs to cater to multiple customers, preferably with a single view from which to manage all of them. At the same time, it is extremely important to keep the customers’ data separate, so that customers never see each other’s information. On the other…
One of the simplest ways to explain QRadar’s architecture is to follow the flow of data through it: what input data is fed into QRadar, and how the different components process that data to produce useful information. QRadar primarily receives three different types of input. These are: 1 –…
SIEM stands for Security Information and Event Management. It is software that collects and aggregates log data from the entire spectrum of devices (endpoints, network devices, servers, firewalls, IPS/IDS, IAM, AD, etc.) in order to make sense of the situation at hand and give a real-time…