From the course: Introduction to SecOps on Google Distributed Cloud (GDC) by Google
Security Orchestration, Automation, and Response (SOAR) - Google Cloud Platform Tutorial
Security Orchestration, Automation, and Response (SOAR)
- [Presenter] SOAR stands for Security Orchestration, Automation, and Response. The SOAR system serves as a centralized security solution designed to automatically prioritize and respond to security incidents. This capability is enabled by machine learning-driven automation and orchestration. For effective incident response automation, the SOAR system requires access to both platform logs and security feeds. Similar to a SIEM system, SOAR collects logs from compute and network devices and platform workloads. Additionally, SOAR integrates with threat intelligence feeds and incident management operations from the SIEM system, as well as with other relevant SecOps tools. With the combination of these data sources, the SOAR system can access and monitor platform events. The SOAR system can also execute playbooks and response workflows when an alert is triggered. Let's look in more detail at how the SOAR system manages incident…
Contents
- Module overview (1m 44s)
- Logs in the GDC SOC (4m 8s)
- Manual and automated security processes (1m 12s)
- Security Information and Event Management (SIEM) (4m 3s)
- Security Orchestration, Automation, and Response (SOAR) (3m 59s)
- Endpoint Detection and Response (EDR) (5m 1s)
- SIEM, EDR, and SOAR at Cymbal Federal (1m 41s)
- An introduction to incident management (6m 7s)
- The activities behind incident management (6m 49s)
- The end-to-end incident response process (1m 14s)
- Monitor (2m 46s)
- Intake (3m 49s)
- Escalate (1m 45s)
- Investigate (4m 19s)
- Contain and remediate (2m 38s)
- Recover and report (2m 52s)
- Recap of incident response management (1m 18s)
- The incident response plan (IRP) (1m 34s)
- The challenges of proactive cyber security (4m 2s)
- Advanced security services in the SOC (3m 7s)
- Advanced security services at Cymbal Federal (2m 9s)
- The asset inventory (3m 58s)
- Introduction to threat modeling (5m 41s)
- Introduction to vulnerability management (7m 26s)
- Introduction to security engineering (6m 35s)
- Module review (1m 9s)