Standardized Process For Building SOAR Automations

egrizzly Member Posts: 533
Hi All,

Just curious whether any of y'all have run across any standardized process that can be used in building out workflows for Security Orchestration, Automation, and Response (SOAR) solutions when provided with a given scenario. Better of a response if the process can be applied to all SOAR solutions regardless of vendor.

As always, thanks in advance guys.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • JDMurray Admin Posts: 13,089
    edited February 2023
    Sorta like a YARA or Snort signature standard for SOAR workflows that all SOAR solutions must conform to? ChatGPT says nooooooo... :D
  • egrizzly Member Posts: 533
    JDMurray said:
    Sorta like a YARA or Snort signature standard for SOAR workflows that all SOAR solutions must conform to? ChatGPT says nooooooo... :D

    I got the opposite response from ChatGPT as it had given me a process for building out workflow.  To corroborate and validate it requires a look from humans though.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • JDMurray Admin Posts: 13,089
    Yes, ChatGPT will give a very general, high-level procedure for creating a generic SOAR, but it specifically replied to me that there is no standard or framework for all SOAR solutions. I believe that is what you said that you are looking for.
  • egrizzly Member Posts: 533
    JDMurray said:
    Yes, ChatGPT will give a very general, high-level procedure for creating a generic SOAR, but it specifically replied to me that there is no standard or framework for all SOAR solutions. I believe that is what you said that you are looking for.

    Thanks. Cool beans dude. Yeah, I thought I might bounce this off the rest of the community to see if there were other dogs barking differently. ;)
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+