Chronicle SOAR

Chronicle Security Orchestration Automation and Response (SOAR) enables enterprises and MSSPs to gather data and security alerts from different sources by combining the following:

  • Orchestration and automation
  • Threat intelligence
  • Incident response

For detailed information on Chronicle SOAR, see the documentation.

View Chronicle SOAR Cases

Chronicle SOAR ingests alerts from a variety of sources. The Cases screen lets you investigate the incoming security alerts.

For more information on Chronicle SOAR cases, see the documentation.

To view Chronicle SOAR cases from Chronicle, complete the following steps:

  1. Select Cases from the application menu under the SOAR sub-heading.

  2. Authenticate using your Chronicle SOAR credentials. See here for more information on how to authenticate with Chronicle SOAR.

View Chronicle SOAR Playbooks

Playbooks define a series of automatic steps that are taken when triggered by an incoming alert. Playbooks can be used to investigate and respond to security issues as required.

For more information on Chronicle SOAR Playbooks, see the documentation.

To view Chronicle SOAR Playbooks from Chronicle, complete the following steps:

  1. Select Playbooks from the application menu under the SOAR sub-heading.

  2. Authenticate using your Chronicle SOAR credentials. See here for more information on how to authenticate with Chronicle SOAR.