SOARing through security response automation is exiting.

We utilize SOAR to automate daily tasks and alerts in our environment for our analysts to make quick decisions and react to evolving threats. From phishing emails to suspicious VPN notifications from users connecting around the world. We automated contacting end-users we are protecting to be efficient and create responses that automate the ticketing and closure of events once they have been deemed resolved. This helps us have a more proactive approach and gives us time to develop blue team / red team scenarios that we would otherwise not have the bandwidth to achieve with the manual process of investigating alerts while also providing a starting point for new hire training. We are starting to train new analysts on SOAR by comparing the tedious manual process and comparing it to playbooks for the analyst to understand the efficiency, value, context, and solutions that SOAR provides while also keeping our analysts up-to-date on the procedures we should mimic within our playbooks when planning to enhance or create new parent playbooks from existing sub-playbooks. This creates a revolving approach to enhancing our services and responsiveness to the business while also keeping the analyst from burning out over repetitive alerts and allows for a more proactive approach to enabling analysts to create new methods for more complex processes and tasks.