SOAR Use Case: Data Loss Prevention (DLP) Alert Triage
SIEMs generate far more alerts than a team can adequately investigate, so attention is limited to the alerts the SIEM ranks as highest priority. Critical threats can be missed when only a small percentage of SIEM alerts is investigated, but because the majority are false positives, manually investigating every alert is impossible without automation.
Devo SOAR playbooks can automatically analyze and investigate all SIEM alerts and perform rapid, fully automated triage after assessing multiple factors. For example, if an alert from Splunk indicates suspicious network activity, an automated playbook can analyze, investigate and triage it in seconds or minutes, producing a risk score based on multiple factors. Automated decision-making then determines how each alert is handled according to its risk score. Any true positive automatically generates a case, and the appropriate incident response processes can be recommended, executed fully automatically, or executed immediately after one-click approval.