Updated on 2023-10-31 GMT+08:00

Security Orchestration Overview

Security orchestration links the security functions of different systems, or of the components within one system, that take part in an enterprise's or organization's security operations, according to defined logical relationships, so that together they complete a specific security operations process. It aims to help security teams respond to network threats quickly and to handle security incidents automatically and efficiently.

It provides the following functions:

  • Playbook management: Use the built-in automatic response playbooks or customize your own.
  • Workflow: Draw the flowchart that runs when a playbook is triggered.
  • Instance management: Monitor and manage running instances and view their records.
  • SOAR: Orchestrate workflows so that SOC handles security incidents and suspicious incidents automatically.

Basic Concepts

  • Playbook

    A playbook is the formal expression of a security operations workflow in the security orchestration system; it is usually executed by the workflow engine in the orchestrator.

    Orchestrating a playbook means turning a manual security operations workflow, together with the software it uses, into a playbook that a machine can execute.

  • Workflow

    A workflow is a collaborative working mode that integrates the capabilities involved in security operations, such as tools, technologies, processes, and personnel. It is the response flow that runs when a playbook is triggered.

    It combines API-enabled security capabilities (applications) in SecMaster with manual checkpoints, according to defined logical relationships, to complete a specific security operations process.
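To make the concepts above concrete, here is an added example of a toy workflow engine; it is not SecMaster code, and the engine, step, action and incident names are constructed for illustration. A playbook is an ordered list of steps, each either an API-enabled action or a manual checkpoint, and each gated by a logical condition; an instance records every step it runs and pauses at a manual checkpoint until an analyst approves it, which is the behaviour instance management lets you monitor.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class Status(Enum):
    RUNNING = "running"
    WAITING_MANUAL = "waiting_manual"  # paused at a manual checkpoint
    COMPLETED = "completed"
    FAILED = "failed"


@dataclass
class Step:
    name: str
    action: Optional[Callable[[dict], dict]] = None    # API-enabled capability
    manual: bool = False                                # manual checkpoint
    run_if: Callable[[dict], bool] = lambda ctx: True   # logical relationship


@dataclass
class Playbook:
    name: str
    trigger: Callable[[dict], bool]   # which incidents start this playbook
    steps: List[Step]


@dataclass
class Instance:
    playbook: str
    context: dict                     # incident fields plus step outputs
    status: Status = Status.RUNNING
    position: int = 0
    records: List[str] = field(default_factory=list)


class WorkflowEngine:
    def __init__(self) -> None:
        self.playbooks: Dict[str, Playbook] = {}
        self.instances: List[Instance] = []

    def register(self, playbook: Playbook) -> None:
        self.playbooks[playbook.name] = playbook

    def on_incident(self, incident: dict) -> List[Instance]:
        """Start an instance of every playbook whose trigger matches the incident."""
        started = []
        for pb in self.playbooks.values():
            if pb.trigger(incident):
                inst = Instance(pb.name, dict(incident))
                self.instances.append(inst)
                self._advance(inst)
                started.append(inst)
        return started

    def approve(self, inst: Instance, approver: str) -> Instance:
        """Resume an instance that is paused at a manual checkpoint."""
        if inst.status is not Status.WAITING_MANUAL:
            raise RuntimeError("instance is not waiting for approval")
        inst.records.append(f"approved step {inst.position} by {approver}")
        inst.position += 1
        inst.status = Status.RUNNING
        self._advance(inst)
        return inst

    def _advance(self, inst: Instance) -> None:
        steps = self.playbooks[inst.playbook].steps
        while inst.position < len(steps):
            step = steps[inst.position]
            if not step.run_if(inst.context):       # condition false: skip the step
                inst.records.append(f"skipped {step.name}")
                inst.position += 1
                continue
            if step.manual:                          # hand over to a person and stop
                inst.status = Status.WAITING_MANUAL
                inst.records.append(f"waiting at {step.name}")
                return
            try:
                inst.context.update(step.action(inst.context))
                inst.records.append(f"ran {step.name}")
            except Exception as exc:                 # a failed capability stops the instance
                inst.status = Status.FAILED
                inst.records.append(f"failed {step.name}: {exc}")
                return
            inst.position += 1
        inst.status = Status.COMPLETED


# Constructed stand-ins for the applications a real orchestrator would call.
THREAT_INTEL = {"203.0.113.5": "malicious", "198.51.100.7": "clean"}  # constructed table


def enrich(ctx: dict) -> dict:
    return {"verdict": THREAT_INTEL.get(ctx["src_ip"], "unknown")}


def assess(ctx: dict) -> dict:
    return {"severity": "high" if ctx["verdict"] == "malicious" else "low"}


def notify(ctx: dict) -> dict:
    return {"notified": [f"{ctx['severity']} alert for {ctx['host']}"]}


def isolate(ctx: dict) -> dict:
    return {"isolated": True}


def build_demo_engine() -> WorkflowEngine:
    engine = WorkflowEngine()
    engine.register(Playbook(
        name="suspicious-login",
        trigger=lambda inc: inc.get("type") == "suspicious_login",
        steps=[
            Step("enrich-ip", enrich),
            Step("assess-severity", assess),
            Step("notify-analyst", notify),
            # containment needs an analyst decision and only applies to high severity
            Step("approve-isolation", manual=True, run_if=lambda c: c["severity"] == "high"),
            Step("isolate-host", isolate, run_if=lambda c: c["severity"] == "high"),
        ],
    ))
    return engine


LOW = {"type": "suspicious_login", "host": "ws-01", "src_ip": "198.51.100.7"}   # constructed
HIGH = {"type": "suspicious_login", "host": "ws-02", "src_ip": "203.0.113.5"}   # constructed

if __name__ == "__main__":
    engine = build_demo_engine()
    low = engine.on_incident(LOW)[0]
    high = engine.on_incident(HIGH)[0]
    engine.approve(high, "analyst@soc")
    for inst in engine.instances:
        print(inst.playbook, inst.status.value, inst.records)
```

The low-severity incident runs to completion without any human involvement because both containment steps are skipped by their condition; the high-severity one stops at the manual checkpoint, and only an explicit approval lets the engine continue to the isolation step, so containment of a host is never purely automatic.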