As organizations develop workflows in Security Orchestration, Automation, and Response (SOAR) products, they often include data normalization routines for each resource they access. They may also design the workflows to handle the creation and storage of accessible information about state, interim results, and cross-references for other organizational capabilities to use.
The problem with performing these normalization, standardization, and information management functions in SOAR is that whenever a resource is added or upgraded, or a new capability is deployed, organizations have to modify all associated workflows. It is worth considering an Information Focused Automation Framework to handle these functions, allowing your automation to be source- and capability-agnostic.
Publisher: Cybersecurity and Infrastructure Security Agency (CISA)
Published: April 1, 2021
License: Public Domain