{"id":6303,"date":"2022-08-02T12:18:31","date_gmt":"2022-08-02T16:18:31","guid":{"rendered":"https:\/\/ptp.cloud\/?p=6303"},"modified":"2024-06-03T02:59:56","modified_gmt":"2024-06-03T06:59:56","slug":"soar-based-security-monitoring","status":"publish","type":"post","link":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/","title":{"rendered":"SOAR based Security Monitoring"},"content":{"rendered":"[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;section&#8221; _builder_version=&#8221;4.16&#8243; custom_padding=&#8221;2px|||||&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row admin_label=&#8221;row&#8221; _builder_version=&#8221;4.16&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.16&#8243; custom_padding=&#8221;|||&#8221; global_colors_info=&#8221;{}&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text admin_label=&#8221;Text&#8221; _builder_version=&#8221;4.25.1&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]\n<p><a href=\"https:\/\/www.linkedin.com\/in\/richard-hauke-492bab1\/\"><em>By: Rich Hauke, CISSP<\/em><\/a><\/p>\n<p>Security vendors are everywhere, coming out of the woodwork. \u00a0A fast growing segment of IT will yield significant investment from VCs looking to identify a rising star that has an angle on data protection that will be valuable to the market. 
\u00a0The volume of products and services, and the overlap between them, can be overwhelming. \u00a0The reality is that many products and services are valuable if implemented correctly, and many fall short of expectations without the proper investment in the people and process needed to run them. \u00a0Enter PTP&#8217;s SOC Services powered by SOAR.<\/p>\n<p>PTP has built a Security Orchestration, Automation and Response (SOAR) platform by assembling a set of tools for threat detection and response. \u00a0The platform delivers substantial value at a competitive cost, which matters to customers who are growing and lack large budgets for data security and security monitoring. \u00a0Our approach follows the <a href=\"https:\/\/www.nist.gov\">NIST<\/a> Cybersecurity Framework and its functions of Identify, Protect, Detect, Respond and Recover. \u00a0This discussion focuses on the platform PTP uses for &#8220;Detect&#8221;: how we gather data from our customers&#8217; data protection tools and systems and analyze that data to make informed decisions about breach risk.<\/p>\n<h4>Logs, Parsing, Rules, ML &amp; Alerting<\/h4>\n<p>SIEMs (Security Information and Event Management systems) have been around for quite a while. \u00a0Early SIEMs were created in large part to address the log management and retention requirements of the Payment Card Industry Data Security Standard (PCI DSS). \u00a0These systems could parse logs from servers, firewalls and other devices, retain those logs, report on what was retained and, with some struggle, allow Security Operations Center (SOC) teams to search them. \u00a0Newer products, the so-called Next Generation SIEMs, parse disparate log formats more reliably, use faster databases for searching, archive older logs, and add rule sets and machine learning (ML) to correlate events and evaluate indicators of compromise (IOCs). 
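<\/p>
<p>As an added example (written for this page; it is not Fluency&#8217;s or PTP&#8217;s code), the Python below shows the rule-based side of what such a SIEM does: it parses a few constructed sshd syslog lines into normalized events, applies a sliding-window correlation rule that fires when a burst of failed logins from one source address is followed by a successful login for the same account, and flags any login whose source address appears on a watchlist of indicators. The log lines, the threshold, the window and the watchlist are all assumptions made for the example.<\/p>

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines in classic syslog layout (timestamp host process[pid]: message); not real data.
SAMPLE_LOGS = '''
Mar  3 10:00:01 web01 sshd[2001]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:03 web01 sshd[2002]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:00:05 web01 sshd[2003]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:06 web01 sshd[2004]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Mar  3 10:00:09 web01 sshd[2005]: Accepted password for admin from 203.0.113.7 port 51026 ssh2
Mar  3 10:05:00 web01 sshd[2100]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Mar  3 10:07:00 web01 sshd[2101]: Accepted password for backup from 192.0.2.44 port 40011 ssh2
Mar  3 10:07:30 web01 sshd[2102]: pam_unix(sshd:session): session opened for user backup by (uid=0)
'''

# Constructed watchlist standing in for an IOC feed; the addresses are documentation ranges.
WATCHLIST = {'192.0.2.44'}
FAIL_THRESHOLD = 3      # failures inside the window before a following success is suspicious
WINDOW_SECONDS = 300

# One parser for the two sshd message shapes we care about; anything else is left unparsed.
LOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}) (?P<host>[^ ]+) '
    r'sshd[^:]*: (?P<outcome>Accepted|Failed) (?:password|publickey) for '
    r'(?:invalid user )?(?P<user>[^ ]+) from (?P<ip>[0-9.]+) port [0-9]+')

def parse(raw):
    '''Turn raw syslog text into a list of normalized login events; unparsed lines are skipped.'''
    events = []
    for line in raw.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            # syslog timestamps carry no year, so only differences between them are meaningful
            'ts': datetime.strptime(m['ts'], '%b %d %H:%M:%S'),
            'host': m['host'], 'user': m['user'], 'ip': m['ip'],
            'success': m['outcome'] == 'Accepted',
        })
    return events

def correlate(events, watchlist=WATCHLIST):
    '''Apply two detections and return the alerts they raise, in time order.'''
    alerts = []
    failures = defaultdict(deque)   # (ip, user) -> timestamps of failures still inside the window
    for ev in sorted(events, key=lambda e: e['ts']):
        base = {'host': ev['host'], 'user': ev['user'], 'ip': ev['ip'], 'ts': ev['ts'].isoformat()}
        # Rule 1: indicator match on every event, successful or not
        if ev['ip'] in watchlist:
            alerts.append({'rule': 'ioc_match', **base})
        # Rule 2: brute force that ends in a success, tracked per (ip, user) pair
        window = failures[(ev['ip'], ev['user'])]
        while window and (ev['ts'] - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if not ev['success']:
            window.append(ev['ts'])
        elif len(window) >= FAIL_THRESHOLD:
            alerts.append({'rule': 'brute_force_success', 'failures': len(window), **base})
            window.clear()   # do not re-alert on the next success from the same pair
    return alerts

if __name__ == '__main__':
    for alert in correlate(parse(SAMPLE_LOGS)):
        print(alert)
```

<p>Two details carry over to any real rule set: the failure window is kept per (address, account) pair rather than per address alone, so a noisy scanner does not mask a targeted guess against one account, and the watchlist check runs on every event rather than only on successes, because a failed attempt from a known-bad address is still worth a ticket.<\/p>
<p>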
\u00a0PTP uses <a href=\"https:\/\/www.fluencysecurity.com\">Fluency Security<\/a> as its SIEM platform for several reasons: parsing ability, threat hunting, search speed, an extensive rule set for ML, API integration, and a working relationship with Fluency leadership. \u00a0The image below outlines the Fluency workflow from receipt of logs and data from the data sources through its process of deciding which events become security incidents.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-6305\" src=\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/07\/Final-New-Version-Fluency-Flow-\u2013-With-Automated-Response-Capability-01-1024x724.jpg\" alt=\"Fluency workflow with automated response capability\" width=\"1024\" height=\"724\" \/><\/p>\n<h4>Making the SIEM Part of a SOAR<\/h4>\n<p>PTP\u2019s SOAR (Security Orchestration, Automation and Response) implementation consists of a select group of tools and technologies. PTP uses the platform, along with our people and processes, to assist in incident investigations, automate incident response and remediation, and give our security analysts a single point of visibility for events, threat intelligence and sharing.<\/p>\n<p>The SOAR environment is used to reduce repetitive actions, automate analysis, and correlate observables across the PTP customer environments. 
It is a core platform that helps the SOC respond to incidents by standardizing data types, tagging findings, and analyzing observations.<\/p>\n<p>The environment consists of four tightly integrated platforms, depicted below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-6310\" src=\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR-1024x765.png\" alt=\"Integrating Key Security Components in a SOAR System: TheHive, MISP, Cortex, and Shuffle\" width=\"1024\" height=\"765\" \/><\/p>\n<h5>The Hive<\/h5>\n<p>The Hive is a Security Incident Response Platform (SIRP): a system whose purpose is to assist incident responders with investigations and to make data readily available for analysis. The Hive is also the integration point with PTP&#8217;s ITSM system (ConnectWise), passing updates and status information between the SIRP and the ticketing system.<\/p>\n<h5>Cortex<\/h5>\n<p>Cortex is an analysis and active response engine. It performs the heavy lifting whenever observables need to be analyzed or responders need to be run. Cortex ships with over a hundred analyzers that can be applied to observable data covering a wide range of indicator types.<\/p>\n<h5>MISP<\/h5>\n<p>MISP is a Threat Intelligence Platform (TIP) used worldwide to share, store and correlate cyber security indicators across the security intelligence community. It standardizes how those indicators are described and provides the framework for exchanging them.<\/p>\n<h5>Shuffle<\/h5>\n<p>Shuffle is an automation and response platform. 
Shuffle bridges the gap between the components above and disparate systems, applications and code. It provides API connectors, a modular coding environment, and workflows for automating actions and responses and scheduling repetitive tasks.<\/p>\n<h5>Process Integration<\/h5>\n<p>The main interface to the SOAR environment is The Hive. User access requires a client VPN connection to the AWS VPC that contains the SOAR components. The interface is browser-based and integrated with SSO for authentication and authorization.<\/p>\n<p>When Fluency generates an alert, the PeakPlus integration backend creates a ticket in ConnectWise and a corresponding case in The Hive that is pre-populated with data from the event. This accelerates the investigation and populates the case with standard data types. SOC personnel are then free to run automations and data-gathering tasks against that data, follow the deep link into Fluency to the triggering alert, and add further data or observations to the case as it progresses.<\/p>\n<h4>PTP SOAR In Action<\/h4>\n<p>Once an incident ticket is created, it is immediately apparent whether any of its data correlates with other cases in the system, and what the status of those cases is. 
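<\/p>
<p>The steps just described, as an added example in Python (written for this page; it is neither PTP&#8217;s PeakPlus integration nor The Hive&#8217;s own API): an alert arrives in an assumed flat schema, a case is opened and pre-populated with typed observables and tags, and the new case is checked against every existing case for shared observables, reporting which observable matched and the status of the related case. The alert schema, the field names, the customer names and the observables are all constructed for the example.<\/p>

```python
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from itertools import count

@dataclass(frozen=True)
class Observable:
    data_type: str   # 'ip', 'domain' or 'hash'; the names follow The Hive dataType convention (assumed)
    data: str

@dataclass
class Case:
    case_id: int
    title: str
    customer: str
    status: str = 'Open'
    observables: set = field(default_factory=set)
    tags: set = field(default_factory=set)

IP_RE = re.compile(r'^[0-9]{1,3}([.][0-9]{1,3}){3}$')
SHA256_RE = re.compile(r'^[0-9a-f]{64}$', re.I)
DOMAIN_RE = re.compile(r'^[a-z0-9-]+([.][a-z0-9-]+)+$', re.I)

# Address space that exists inside every tenant; a match on it must never link two customers.
INTERNAL_NETS = [ip_network(n) for n in
                 ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8', '169.254.0.0/16')]

# Alert fields that carry observables (assumed schema; a real integration maps the SIEM fields explicitly).
OBSERVABLE_FIELDS = ('src_ip', 'dst_ip', 'domain', 'file_sha256')

def classify(value):
    '''Map a raw alert field to an observable type, or None if it is not worth tracking.'''
    if IP_RE.match(value):
        return 'ip'
    if SHA256_RE.match(value):
        return 'hash'
    if DOMAIN_RE.match(value):
        return 'domain'
    return None

def correlatable(obs):
    '''Internal IPs stay on the case for context but are excluded from cross-case matching.'''
    if obs.data_type != 'ip':
        return True
    return not any(ip_address(obs.data) in net for net in INTERNAL_NETS)

class CaseStore:
    '''In-memory stand-in for the SIRP: holds cases and an observable index for cross-case lookups.'''
    def __init__(self):
        self.cases = {}
        self._ids = count(1)
        self._index = {}   # Observable -> set of case ids carrying it

    def create_case_from_alert(self, alert):
        '''Open a case pre-populated from the alert; return it together with its related cases.'''
        case = Case(next(self._ids), alert['title'], alert['customer'])
        case.tags.update({'customer:' + alert['customer'], 'source:' + alert['source']})
        for name in OBSERVABLE_FIELDS:
            value = alert.get(name)
            if value and (data_type := classify(value)):
                case.observables.add(Observable(data_type, value))
        related = self.related_cases(case)
        if related:
            case.tags.add('related-cases')
            if any(other.customer != case.customer for other, _ in related):
                case.tags.add('cross-customer')
        for obs in case.observables:
            if correlatable(obs):
                self._index.setdefault(obs, set()).add(case.case_id)
        self.cases[case.case_id] = case
        return case, related

    def related_cases(self, case):
        '''[(existing case, shared observables)] for every case that shares a correlatable observable.'''
        shared = {}
        for obs in case.observables:
            if correlatable(obs):
                for cid in self._index.get(obs, ()):
                    shared.setdefault(cid, []).append(obs)
        return [(self.cases[cid], sorted(objs, key=lambda o: o.data))
                for cid, objs in sorted(shared.items())]

    def resolve(self, case_id):
        self.cases[case_id].status = 'Resolved'

# Constructed alerts in the assumed schema; the hash is a placeholder, not a real sample.
SAMPLE_ALERTS = [
    {'title': 'Outbound beacon to rare domain', 'customer': 'acme', 'source': 'siem',
     'src_ip': '10.1.2.3', 'dst_ip': '203.0.113.7', 'domain': 'update-cdn.example'},
    {'title': 'Suspicious download', 'customer': 'globex', 'source': 'edr',
     'src_ip': '10.1.2.3', 'domain': 'update-cdn.example', 'file_sha256': 'ab' * 32},
    {'title': 'Brute force followed by success', 'customer': 'initech', 'source': 'siem',
     'src_ip': '203.0.113.7'},
]

def run_sample():
    '''Feed the sample alerts through the store; the first case is resolved before the others arrive.'''
    store = CaseStore()
    results = []
    for i, alert in enumerate(SAMPLE_ALERTS):
        results.append(store.create_case_from_alert(alert))
        if i == 0:
            store.resolve(results[0][0].case_id)
    return results

if __name__ == '__main__':
    for case, related in run_sample():
        print(case.case_id, case.customer, sorted(case.tags))
        for other, shared in related:
            print('   related to case', other.case_id, other.status, [o.data for o in shared])
```

<p>One caveat the example enforces: internal addresses (RFC 1918, loopback and link-local) stay on the case as context but never drive cross-case matching, because every tenant has a 10.1.2.3 and a hit on it would link unrelated customers. The same exclusion belongs on any observable that is common by construction, such as a shared DNS resolver or a CDN domain.<\/p>
<p>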
\u00a0See below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-6319 aligncenter\" src=\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/Fig1-SOAR-Case-view-1024x602.png\" alt=\"The Hive case view showing related cases\" width=\"1024\" height=\"602\" \/><\/p>\n<p>Next, the list of related incidents can be expanded to see exactly which observation details match the current case, which helps in handling the ticket.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-6312 aligncenter\" src=\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/observation-details.png\" alt=\"Observation details shared between related cases\" width=\"818\" height=\"398\" \/><\/p>\n<p>As these images show, tagging is used heavily to make sense of the data by pulling related items together and raising the visibility of the factors that matter. The power of tagging combined with workflow automation is most apparent when dealing with lists of IP addresses from incident investigations. The image below shows the results of triggering the automated tasks against a list of addresses. 
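<\/p>
<p>An added example of such an enrichment run, in Python (written for this page; it is not the Cortex analyzers or the Shuffle workflow PTP runs): a list of IP addresses is fanned out concurrently to several lookup sources, here three local ones standing in for external analyzers: a constructed MISP-style event, a constructed Tor exit-node list and a constructed CIDR blocklist. Hits are folded into per-address tags of the kind that end up on the case, and a source that throws is recorded as an error for that address rather than aborting the whole batch. The event, the lists and the addresses are all assumptions made for the example.<\/p>

```python
from concurrent.futures import ThreadPoolExecutor
from ipaddress import ip_address, ip_network

# Constructed MISP-style event, reduced to the fields a feed consumer actually reads.
MISP_EVENT = {'Event': {'info': 'Constructed sample event', 'Attribute': [
    {'type': 'ip-dst', 'value': '203.0.113.7', 'to_ids': True, 'Tag': [{'name': 'tlp:amber'}]},
    {'type': 'ip-src', 'value': '198.51.100.0/24', 'to_ids': True, 'Tag': [{'name': 'type:osint'}]},
    {'type': 'ip-dst', 'value': '192.0.2.44', 'to_ids': False, 'Tag': []},   # context only, not for detection
    {'type': 'domain', 'value': 'update-cdn.example', 'to_ids': True, 'Tag': []},
]}}
TOR_EXIT_NODES = {'192.0.2.44'}                        # constructed stand-in for an exit-node list feed
BLOCKLIST_CIDRS = [ip_network('198.51.100.0/24')]      # constructed stand-in for a CIDR blocklist feed
SAMPLE_IPS = ['203.0.113.7', '198.51.100.20', '192.0.2.44', '203.0.113.99']   # constructed input

def misp_ip_index(event):
    '''Index ip-src/ip-dst attributes as exact addresses and CIDR ranges. Only to_ids=True attributes
    are indexed: that flag is how MISP marks an attribute as suitable for detection.'''
    exact, ranges = {}, []
    for attr in event['Event']['Attribute']:
        if not attr['to_ids'] or attr['type'] not in ('ip-src', 'ip-dst'):
            continue
        tags = [t['name'] for t in attr.get('Tag', [])]
        if '/' in attr['value']:
            ranges.append((ip_network(attr['value'], strict=False), tags))
        else:
            exact[attr['value']] = tags
    return exact, ranges

MISP_EXACT, MISP_RANGES = misp_ip_index(MISP_EVENT)

def misp_lookup(ip):
    if ip in MISP_EXACT:
        return {'hit': True, 'tags': list(MISP_EXACT[ip])}
    addr = ip_address(ip)
    for net, tags in MISP_RANGES:
        if addr in net:
            return {'hit': True, 'tags': tags + ['range:' + str(net)]}
    return {'hit': False, 'tags': []}

def tor_lookup(ip):
    hit = ip in TOR_EXIT_NODES
    return {'hit': hit, 'tags': ['tor-exit'] if hit else []}

def blocklist_lookup(ip):
    addr = ip_address(ip)
    nets = [str(n) for n in BLOCKLIST_CIDRS if addr in n]
    return {'hit': bool(nets), 'tags': ['blocklist:' + n for n in nets]}

ANALYZERS = {'misp': misp_lookup, 'tor': tor_lookup, 'blocklist': blocklist_lookup}

def enrich(ips, analyzers=ANALYZERS, max_workers=8):
    '''Run every analyzer against every address concurrently.
    Returns {ip: {'hits': [analyzer names], 'tags': [...], 'errors': [analyzer names]}}.'''
    jobs = [(ip, name, fn) for ip in ips for name, fn in analyzers.items()]

    def run(job):
        ip, name, fn = job
        try:
            return ip, name, fn(ip), None
        except Exception as exc:            # a timeout or bad reply from one source
            return ip, name, None, repr(exc)

    report = {ip: {'hits': [], 'tags': [], 'errors': []} for ip in ips}
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        for ip, name, result, err in pool.map(run, jobs):
            if err is not None:
                report[ip]['errors'].append(name)
            elif result['hit']:
                report[ip]['hits'].append(name)
                report[ip]['tags'].extend(result['tags'])
    for entry in report.values():           # deterministic order regardless of thread timing
        entry['hits'].sort()
        entry['tags'] = sorted(set(entry['tags']))
    return report

if __name__ == '__main__':
    for ip, entry in enrich(SAMPLE_IPS).items():
        print(ip, entry)
```

<p>Two choices are worth copying. MISP attributes carry a to_ids flag that marks them as safe to use for detection; contextual attributes with to_ids set to false are deliberately kept out of the index, which is why the Tor exit node in the sample is tagged by the exit-node list and not by MISP. Second, CIDR attributes are matched with the ipaddress module rather than by string comparison, so a single range attribute covers every address inside it.<\/p>
<p>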
This workflow completed 24 searches against disparate sources for each IP address in the list within a couple of minutes and gave the analyst highly visible feedback about each address.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" width=\"830\" height=\"370\" src=\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/workflow.png\" alt=\"Results of the automated IP enrichment workflow\" class=\"size-medium alignnone\" \/><\/p>\n<p>While The Hive is the main interface and the most visible part of the environment, Cortex is tightly integrated with it and does the heavy lifting. All of the automation performed by the workflows is handed off to Cortex for processing and analysis, and the results are handed back to The Hive for collation, tagging and tracking.<\/p>\n<p>Both components communicate with MISP. MISP is used because &#8220;nobody knows everything, but everyone knows something&#8221;: it aggregates the threat intelligence shared by the wider security community, and we mine that data for IOCs. Our MISP instance currently monitors 47 data feeds covering 56 Galaxies (large clusters of related data objects) and 127 taxonomies (tag namespaces). The feeds include blocklists, Tor exit node lists, telemetry on active APT groups, and malware indicators, and they are curated to reduce overlap while casting as wide a net as possible.<\/p>\n<h4>Summary<\/h4>\n<p>Security monitoring is about finding the needle in the haystack. \u00a0Effective protection tools block the majority of malicious activity, but it is the covert behavior that can cause the greatest harm, with malware sitting dormant in an environment until it is time for it to act. 
\u00a0The combination of intelligent tools architected together in PTP&#8217;s SOAR environment allows the platform to sift through massive volumes of event data, present to the security analyst the high-risk items that require further investigation, and, in doing so, determine whether the same activity is present in other monitored customer environments.<\/p>\n<p>Want to take our services for a test drive? \u00a0Click <a href=\"https:\/\/ptp.cloud\/xdr-and-soc-services-original\/\">HERE<\/a> for information on a FREE Proof of Concept!<\/p>\n[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]","protected":false},"excerpt":{"rendered":"<p>Rich Hauke, CISSP, discusses the comprehensive SOAR platform implemented by PTP for effective security monitoring and incident response. By leveraging advanced tools like Fluency Security for SIEM, The Hive, Cortex, MISP, and Shuffle, PTP&#8217;s platform offers robust threat detection, automated incident response, and extensive data correlation to protect customer environments. The platform follows the NIST framework and integrates seamlessly to provide a unified security monitoring solution.<\/p>\n","protected":false},"author":2,"featured_media":6310,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_gb_content_width":"","content-type":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[9,1,10],"tags":[96,136,135,138,137],"table_tags":[],"class_list":["post-6303","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloudops-archive","category-news-archive","category-secops-archive","tag-mssp","tag-security-monitoring","tag-soar","tag-soc-services","tag-xdd"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.1.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SOAR based Security Monitoring - PTP | Cloud Experts | Biotech Enablers<\/title>\n<meta name=\"description\" content=\"PTP&#039;s SOAR assists in incident investigations and automates incident response and provides our security analyst with a single point of visibility.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SOAR based Security Monitoring - PTP | Cloud Experts | Biotech Enablers\" \/>\n<meta property=\"og:description\" content=\"PTP&#039;s SOAR assists in incident investigations and automates incident response and provides our security analyst with a single point of visibility.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/\" \/>\n<meta property=\"og:site_name\" content=\"PTP | Cloud Experts | Biotech Enablers\" \/>\n<meta property=\"article:publisher\" 
content=\"https:\/\/www.facebook.com\/PTPCloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-02T16:18:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-03T06:59:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1430\" \/>\n\t<meta property=\"og:image:height\" content=\"1069\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Gary Derheim\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@PTPCloud\" \/>\n<meta name=\"twitter:site\" content=\"@PTPCloud\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gary Derheim\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/\"},\"author\":{\"name\":\"Gary Derheim\",\"@id\":\"https:\/\/ptp.cloud\/#\/schema\/person\/9164cae6fb27fb76f79e048d8dd2d8ab\"},\"headline\":\"SOAR based Security Monitoring\",\"datePublished\":\"2022-08-02T16:18:31+00:00\",\"dateModified\":\"2024-06-03T06:59:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/\"},\"wordCount\":1392,\"publisher\":{\"@id\":\"https:\/\/ptp.cloud\/#organization\"},\"image\":{\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png\",\"keywords\":[\"mssp\",\"security monitoring\",\"soar\",\"soc 
services\",\"xdd\"],\"articleSection\":[\"CloudOps\",\"News\",\"SecOps\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/\",\"url\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/\",\"name\":\"SOAR based Security Monitoring - PTP | Cloud Experts | Biotech Enablers\",\"isPartOf\":{\"@id\":\"https:\/\/ptp.cloud\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png\",\"datePublished\":\"2022-08-02T16:18:31+00:00\",\"dateModified\":\"2024-06-03T06:59:56+00:00\",\"description\":\"PTP's SOAR assists in incident investigations and automates incident response and provides our security analyst with a single point of visibility.\",\"breadcrumb\":{\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#primaryimage\",\"url\":\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png\",\"contentUrl\":\"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png\",\"width\":1430,\"height\":1069,\"caption\":\"Integrating Key Security Components in a SOAR System: TheHive, MISP, Cortex, and Shuffle.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/ptp.cloud\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SOAR based Security 
Monitoring\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ptp.cloud\/#website\",\"url\":\"https:\/\/ptp.cloud\/\",\"name\":\"PTP | Cloud Experts | Biotech Enablers\",\"description\":\"Helping innovative life sciences companies to get treatments to market faster.\",\"publisher\":{\"@id\":\"https:\/\/ptp.cloud\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ptp.cloud\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/ptp.cloud\/#organization\",\"name\":\"Pinnacle Technology Partners\",\"alternateName\":\"PTP\",\"url\":\"https:\/\/ptp.cloud\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ptp.cloud\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/ptp.cloud\/wp-content\/uploads\/2021\/08\/ptp_logo.png\",\"contentUrl\":\"https:\/\/ptp.cloud\/wp-content\/uploads\/2021\/08\/ptp_logo.png\",\"width\":409,\"height\":181,\"caption\":\"Pinnacle Technology Partners\"},\"image\":{\"@id\":\"https:\/\/ptp.cloud\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/PTPCloud\",\"https:\/\/x.com\/PTPCloud\",\"https:\/\/www.linkedin.com\/company\/pinnacletechpartners\",\"https:\/\/www.youtube.com\/@ptp4766\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/ptp.cloud\/#\/schema\/person\/9164cae6fb27fb76f79e048d8dd2d8ab\",\"name\":\"Gary Derheim\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"SOAR based Security Monitoring - PTP | Cloud Experts | Biotech Enablers","description":"PTP's SOAR assists in incident investigations and automates incident response and provides our security analyst with a single point of visibility.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/","og_locale":"en_US","og_type":"article","og_title":"SOAR based Security Monitoring - PTP | Cloud Experts | Biotech Enablers","og_description":"PTP's SOAR assists in incident investigations and automates incident response and provides our security analyst with a single point of visibility.","og_url":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/","og_site_name":"PTP | Cloud Experts | Biotech Enablers","article_publisher":"https:\/\/www.facebook.com\/PTPCloud","article_published_time":"2022-08-02T16:18:31+00:00","article_modified_time":"2024-06-03T06:59:56+00:00","og_image":[{"width":1430,"height":1069,"url":"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png","type":"image\/png"}],"author":"Gary Derheim","twitter_card":"summary_large_image","twitter_creator":"@PTPCloud","twitter_site":"@PTPCloud","twitter_misc":{"Written by":"Gary Derheim","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#article","isPartOf":{"@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/"},"author":{"name":"Gary Derheim","@id":"https:\/\/ptp.cloud\/#\/schema\/person\/9164cae6fb27fb76f79e048d8dd2d8ab"},"headline":"SOAR based Security Monitoring","datePublished":"2022-08-02T16:18:31+00:00","dateModified":"2024-06-03T06:59:56+00:00","mainEntityOfPage":{"@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/"},"wordCount":1392,"publisher":{"@id":"https:\/\/ptp.cloud\/#organization"},"image":{"@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#primaryimage"},"thumbnailUrl":"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png","keywords":["mssp","security monitoring","soar","soc services","xdd"],"articleSection":["CloudOps","News","SecOps"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/","url":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/","name":"SOAR based Security Monitoring - PTP | Cloud Experts | Biotech Enablers","isPartOf":{"@id":"https:\/\/ptp.cloud\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#primaryimage"},"image":{"@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#primaryimage"},"thumbnailUrl":"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png","datePublished":"2022-08-02T16:18:31+00:00","dateModified":"2024-06-03T06:59:56+00:00","description":"PTP's SOAR assists in incident investigations and automates incident response and provides our security analyst with a single point of 
visibility.","breadcrumb":{"@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ptp.cloud\/soar-based-security-monitoring\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#primaryimage","url":"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png","contentUrl":"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png","width":1430,"height":1069,"caption":"Integrating Key Security Components in a SOAR System: TheHive, MISP, Cortex, and Shuffle."},{"@type":"BreadcrumbList","@id":"https:\/\/ptp.cloud\/soar-based-security-monitoring\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ptp.cloud\/"},{"@type":"ListItem","position":2,"name":"SOAR based Security Monitoring"}]},{"@type":"WebSite","@id":"https:\/\/ptp.cloud\/#website","url":"https:\/\/ptp.cloud\/","name":"PTP | Cloud Experts | Biotech Enablers","description":"Helping innovative life sciences companies to get treatments to market faster.","publisher":{"@id":"https:\/\/ptp.cloud\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ptp.cloud\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/ptp.cloud\/#organization","name":"Pinnacle Technology Partners","alternateName":"PTP","url":"https:\/\/ptp.cloud\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ptp.cloud\/#\/schema\/logo\/image\/","url":"https:\/\/ptp.cloud\/wp-content\/uploads\/2021\/08\/ptp_logo.png","contentUrl":"https:\/\/ptp.cloud\/wp-content\/uploads\/2021\/08\/ptp_logo.png","width":409,"height":181,"caption":"Pinnacle Technology 
Partners"},"image":{"@id":"https:\/\/ptp.cloud\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/PTPCloud","https:\/\/x.com\/PTPCloud","https:\/\/www.linkedin.com\/company\/pinnacletechpartners","https:\/\/www.youtube.com\/@ptp4766"]},{"@type":"Person","@id":"https:\/\/ptp.cloud\/#\/schema\/person\/9164cae6fb27fb76f79e048d8dd2d8ab","name":"Gary Derheim"}]}},"jetpack_featured_media_url":"https:\/\/ptp.cloud\/wp-content\/uploads\/2022\/08\/SOAR.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/posts\/6303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/comments?post=6303"}],"version-history":[{"count":0,"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/posts\/6303\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/media\/6310"}],"wp:attachment":[{"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/media?parent=6303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/categories?post=6303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/tags?post=6303"},{"taxonomy":"table_tags","embeddable":true,"href":"https:\/\/ptp.cloud\/wp-json\/wp\/v2\/table_tags?post=6303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}