Articles tagged with: #soar
[Tool] Built CyberBlueSOC - Deploy a Full SOC Lab in less than an hour (Open Source)

cybersecurity www.reddit.com

I've been working on solving a problem I kept running into: setting up a SOC lab environment takes forever. Manual configuration of Wazuh, MISP, Velociraptor, Suricata, and other tools can take days. So I built CyberBlueSOC - a containerized platform that deploys 15+ integrated security tools with one command.

What's included:
- SIEM: Wazuh
- Threat Intel: MISP (auto-populated with 280K+ IOCs)
- DFIR: Velociraptor, Arkime
- SOAR: Shuffle, TheHive/Cortex
- Network Detection: Suricata, EveBox
- ...

Open Source SOC Lab Platform - Integrated Wazuh, MISP, Velociraptor, Shuffle & More

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Built an integrated SOC training platform for blue teamers who want to practice without spending days on setup.

The stack:
- SIEM/XDR: Wazuh + OpenSearch
- CTI: MISP with automated feed ingestion
- DFIR: Velociraptor for endpoint collection
- SOAR: Shuffle for automation workflows
- NIDS: Suricata + EveBox for event management
- PCAP: Arkime with sample captures
- Fleet: osquery fleet management
- Detection: 523 YARA rules + 3,047 Sigma rules pre-configured

Technical approach:
- Docker Compose...

How to look for opportunities in UK / Germany based startups that are looking for long-term commitment and growth?

cybersecurity www.reddit.com

A brief on myself: I have 2.5 years of experience in cybersecurity and am currently employed at a product-based MNC, where I have worked with many security teams within the organisation, some based on requirement and some on situation. I have a good amount of experience on the security engineering side of cybersecurity, managing and deploying SIEM, SOAR, IAM, AD, security automation and threat intel platforms. How to look or research to work with startups or small / non-tech companies (money is not the...

Fal.Con Rocks our views on AI's potential for the SOC.

CrowdStrike www.reddit.com

Just got back from the conference... lots of solid material across the board, from new log ingestion methods with Onum to the industry's push toward agentic AI. But the real standouts for me were the AI agents and the ability to use Charlotte AI with natural language to build functional SOAR workflows. That's not just a shiny demo - it's a genuine accelerator that's going to cut friction and deliver faster results for my clients. Did anyone else find a particular feature to be a major standout?...

Top 10 Best Security Orchestration, Automation, And Response (SOAR) Tools in 2025

Cyber Security News cybersecuritynews.com

In the face of an ever-increasing volume of security alerts, a critical shortage of skilled cybersecurity professionals, and the growing sophistication of cyber threats, Security Operations Centers (SOCs) are often overwhelmed. This is where Security Orchestration, Automation, and Response (SOAR) tools become a game-changer. A SOAR platform centralizes security alerts, orchestrates security tools to work

Splunk SOAR Req SPL?

cybersecurity www.reddit.com

Do I need a working knowledge of SPL to effectively create playbooks in Splunk SOAR? I've heard the recent updates make creating playbooks easier. Not sure if it's just hype. submitted by /u/Outlander77

Building out a workflow to modify host groups

CrowdStrike www.reddit.com

Hello everyone, I am reaching out to get everyone's opinion on using a SOAR workflow to go through and adjust device host groups based on the username column in Endpoint security -> Files written to USB. I am trying to come up with a workaround for host-based policy enforcement. Let me know what you think. submitted by /u/Crypt0-n00b

Fusion SOAR Stale Users Workflow (ITP)

CrowdStrike www.reddit.com

Hello, I'm trying to edit the base workflow for stale users. Ideally I want the workflow to iterate through each stale user, obtain their manager, then email the manager once with a list of all of their subordinate stale accounts. We have both on-premises and Entra ID accounts in ITP, so I guess the workflow would need to differentiate between these when getting the manager. Is that possible in Fusion SOAR? submitted by /u/Hefty-Technician9807
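The grouping step the post above describes (resolve each stale account's manager through the right directory, then send each manager one digest), written out as an added stand-alone script. This is not code from the post and not Fusion SOAR's own workflow logic; the stale-account records, the two manager lookup tables, the field names and the fallback mailbox are all constructed assumptions used only to show the data flow, and no directory is queried.

```python
"""Added example: one digest e-mail per manager for stale AD and Entra ID accounts.

Assumptions (labelled): STALE_ACCOUNTS, AD_MANAGER_MAIL, ENTRA_MANAGER_MAIL and the
fallback address are constructed stand-ins. In a real workflow the AD lookup would
read the 'manager' attribute (a DN) and the Entra ID lookup the manager
relationship; here both are plain dictionaries so the script runs offline.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed stale-account records, as a "stale users" step might emit them.
# On-prem AD accounts reference the manager by DN; Entra ID accounts by UPN.
STALE_ACCOUNTS = [
    {"user": "jdoe",       "source": "ad",    "manager": "CN=Mgr One,OU=Staff,DC=corp,DC=example"},
    {"user": "asmith",     "source": "entra", "manager": "mgr.one@corp.example"},
    {"user": "bwong",      "source": "entra", "manager": "mgr.two@corp.example"},
    {"user": "jdoe",       "source": "entra", "manager": "mgr.one@corp.example"},  # hybrid identity, seen twice
    {"user": "svc-backup", "source": "ad",    "manager": None},                     # service account, no owner
]

# Constructed stand-ins for the two directory lookups; both resolve to a mail address.
AD_MANAGER_MAIL = {"CN=Mgr One,OU=Staff,DC=corp,DC=example": "mgr.one@corp.example"}
ENTRA_MANAGER_MAIL = {"mgr.one@corp.example": "mgr.one@corp.example",
                      "mgr.two@corp.example": "mgr.two@corp.example"}


def resolve_manager_mail(account: dict) -> Optional[str]:
    """Pick the lookup by where the account lives. Returns None when no manager
    is set, the reference is unknown, or the source is unrecognised, so the
    caller can route the account to a fallback instead of dropping it."""
    ref = account.get("manager")
    if ref is None:
        return None
    if account["source"] == "ad":
        return AD_MANAGER_MAIL.get(ref)
    if account["source"] == "entra":
        return ENTRA_MANAGER_MAIL.get(ref)
    return None


def group_stale_by_manager(accounts: List[dict]) -> Tuple[Dict[str, List[str]], List[str]]:
    """One entry per manager holding a sorted, de-duplicated list of users
    (a hybrid identity appearing from both directories is listed once).
    Accounts with no resolvable manager come back in a separate list."""
    by_manager = defaultdict(set)
    orphans = set()
    for acct in accounts:
        mail = resolve_manager_mail(acct)
        if mail is None:
            orphans.add(acct["user"])
        else:
            by_manager[mail].add(acct["user"])
    return {m: sorted(u) for m, u in by_manager.items()}, sorted(orphans)


def build_digests(accounts: List[dict], fallback_to: str = "iam-team@corp.example") -> List[dict]:
    """Exactly one message per manager, plus one to the fallback mailbox for
    accounts nobody owns. The fallback address is a constructed assumption."""
    grouped, orphans = group_stale_by_manager(accounts)
    digests = [
        {"to": mgr,
         "subject": f"{len(users)} stale account(s) reporting to you",
         "body": "Please confirm whether these accounts can be disabled:\n- " + "\n- ".join(users)}
        for mgr, users in sorted(grouped.items())
    ]
    if orphans:
        digests.append({"to": fallback_to,
                        "subject": f"{len(orphans)} stale account(s) with no manager",
                        "body": "No manager could be resolved for:\n- " + "\n- ".join(orphans)})
    return digests


if __name__ == "__main__":
    for d in build_digests(STALE_ACCOUNTS):
        print(f"To: {d['to']}\nSubject: {d['subject']}\n{d['body']}\n")
```

The two points worth carrying into the real workflow are the branch on account source before the manager lookup, and the separate path for accounts whose manager cannot be resolved; without the second, service accounts and orphaned users silently fall out of the report.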

Console Question

CrowdStrike www.reddit.com

Hello all, let's say I want other ways to check if a scan is completed, apart from the Fusion SOAR and on-demand scan tab. Are there other ways? Also, a noob in CS here, so if there is any helpful tip, do let me know. Thanks! submitted by /u/Dense-One5943

SOAR workflow custom variable

CrowdStrike www.reddit.com

Hello CrowdStrike Community, I am relatively new to SOAR workflows and I am curious if anyone has a solution to this issue. One of the workflows I am working on is to respond to a specific NG-SIEM detection from a third party. I want to respond to the detection by locking the user's account and resetting their password. However, there isn't a username associated with the detection, but the NG-SIEM raw string does have the user's email. Is there a way to use the workflow-specific event query and...

Shuffle SOAR (Open Source)

cybersecurity www.reddit.com

Hello everyone! I'm trying to set up automation in Shuffle. I need to pull data from platforms like VirusTotal, AbuseIPDB, etc. and send the received data to the databases. More precisely, I need to collect them. Can you tell me how to do it correctly?
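The collection step the post above asks about, as an added example that is not from the post and not part of Shuffle or its apps: take the JSON that a VirusTotal and an AbuseIPDB lookup hand back, normalize both into one table with a comparable 0-100 score, and upsert so a re-run refreshes rows instead of duplicating them. The two sample responses are constructed to mirror the public VirusTotal v3 (`last_analysis_stats`) and AbuseIPDB v2 (`abuseConfidenceScore`) layouts but are not real API output; the table name, columns, scoring rule and verdict threshold are my own choices, and no network call is made.

```python
"""Added example: normalize VirusTotal and AbuseIPDB enrichment into one SQLite table.

Assumptions (labelled): VT_SAMPLE and ABUSEIPDB_SAMPLE are constructed and only
shaped like the real APIs; the 'enrichment' schema, the VT scoring rule and the
verdict threshold are choices made for this example, not anything Shuffle defines.
"""
import json
import sqlite3
from datetime import datetime, timezone

# Constructed sample responses, shaped like what an app action would pass to the next node.
VT_SAMPLE = json.dumps({
    "data": {
        "id": "198.51.100.23",
        "type": "ip_address",
        "attributes": {
            "last_analysis_stats": {"harmless": 60, "malicious": 9, "suspicious": 2,
                                    "undetected": 20, "timeout": 0},
            "as_owner": "EXAMPLE-AS",
        },
    }
})
ABUSEIPDB_SAMPLE = json.dumps({
    "data": {"ipAddress": "198.51.100.23", "abuseConfidenceScore": 87,
             "totalReports": 41, "countryCode": "ZZ",
             "lastReportedAt": "2024-05-01T10:15:00+00:00"}
})

SCHEMA = """
CREATE TABLE IF NOT EXISTS enrichment (
    indicator   TEXT NOT NULL,
    source      TEXT NOT NULL,
    score       INTEGER NOT NULL,   -- 0-100, normalized per source
    detail      TEXT,               -- source-specific JSON kept for triage
    observed_at TEXT NOT NULL,
    PRIMARY KEY (indicator, source)
)
"""


def normalize_virustotal(raw: str) -> dict:
    """Collapse VT's per-engine counts into a 0-100 score: the share of engines
    that flagged the indicator malicious or suspicious, ignoring timeouts."""
    data = json.loads(raw)["data"]
    stats = data["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = sum(v for k, v in stats.items() if k != "timeout")
    score = round(100 * flagged / total) if total else 0
    return {"indicator": data["id"], "source": "virustotal",
            "score": score, "detail": json.dumps(stats)}


def normalize_abuseipdb(raw: str) -> dict:
    """AbuseIPDB already reports a 0-100 confidence; keep it plus report context."""
    data = json.loads(raw)["data"]
    return {"indicator": data["ipAddress"], "source": "abuseipdb",
            "score": int(data["abuseConfidenceScore"]),
            "detail": json.dumps({"totalReports": data.get("totalReports"),
                                  "countryCode": data.get("countryCode")})}


def store(conn: sqlite3.Connection, record: dict) -> None:
    """Upsert on (indicator, source) so re-running the workflow refreshes, not duplicates."""
    conn.execute(
        "INSERT INTO enrichment VALUES (?,?,?,?,?) "
        "ON CONFLICT(indicator, source) DO UPDATE SET "
        "score=excluded.score, detail=excluded.detail, observed_at=excluded.observed_at",
        (record["indicator"], record["source"], record["score"], record["detail"],
         datetime.now(timezone.utc).isoformat()),
    )


def verdict(conn: sqlite3.Connection, indicator: str, threshold: int = 50) -> str:
    """'malicious' if any source scores at or above the threshold, 'benign'
    otherwise, 'unknown' when nothing has been collected for the indicator."""
    top = conn.execute("SELECT MAX(score) FROM enrichment WHERE indicator=?",
                       (indicator,)).fetchone()[0]
    if top is None:
        return "unknown"
    return "malicious" if top >= threshold else "benign"


def run(db_path: str = ":memory:") -> dict:
    """Collect both samples into the database and return rows plus the combined verdict."""
    conn = sqlite3.connect(db_path)
    conn.execute(SCHEMA)
    for rec in (normalize_virustotal(VT_SAMPLE), normalize_abuseipdb(ABUSEIPDB_SAMPLE)):
        store(conn, rec)
        store(conn, rec)  # second call exercises the upsert path; still one row per source
    conn.commit()
    result = {
        "rows": conn.execute("SELECT indicator, source, score FROM enrichment ORDER BY source").fetchall(),
        "verdict": verdict(conn, "198.51.100.23"),
    }
    conn.close()
    return result


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

Keeping the raw per-source detail alongside the normalized score is what makes the table useful later: the score drives the automated decision, the detail is what an analyst reads when the decision is questioned.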

Fusion SOAR

CrowdStrike www.reddit.com

Is it just me and I am just too dense to understand basic functions, or does Fusion SOAR just seem clunky? I am by no means a DevOps or API wizard, but trying to do anything in there is just convoluted and confusing. I have been struggling the past couple of days just making a simple API call. Is there some good guidance on this I can read up on somewhere, or some community templates I can build off of? All I can find are the CrowdStrike-provided templates, which is kind of disappointing....

Yara Scans Using CrowdStrike SOAR - Fully operational all inside the console.

CrowdStrike www.reddit.com

Hi all. If you need to run Yara on your hosts, I got your solution. Full guide and files can be downloaded from here - https://limewire.com/d/nebib#42OphHW98T

Explanation of how the workflow works:
· Run the on-demand workflow; you will only need to insert the "TargetScanPath" - where you want Yara to run the scan.
· Using a device query, we declare on what host groups we want to run the scan.
· Scripts that start to run on each host:
  o 1st we create the yara_rule.yar file, your Yara rule...

FortiSIEM 7.4

cybersecurity www.reddit.com

Anyone tried FortiSIEM, specifically the 7.4 release? The reason I am asking about this specific version is that it brought another level for the SaaS flavour of the product, making it pretty much the same as the on-prem version, and bringing in embedded SOAR-like capabilities. However, because it is a relatively new release, I can't yet determine its pros and cons. I have a hybrid infrastructure mixing cloud and on-prem from multiple vendors, and am trying to determine which SIEM would make the...

SOC T1 Become T2 DFIR or Malware

cybersecurity www.reddit.com

Hi everyone, I'm currently working as a SOC T1 and have been for the past 2 months. Before that, I worked as a SOC Engineer for about a year, mainly dealing with SIEM, SOAR, and different SOC tools (configurations, deployments, etc.). Right now, I want to move up to SOC T2, but I'm not sure what exact path I should take. I'm currently interested in DFIR and Malware Analysis, but I don't know which one I should focus on (I don't mind choosing only one if needed). My main questions are: What topics and...

How do you know when it's time to leave SOC?

cybersecurity www.reddit.com

Looking for some honest advice here. I'm currently a SOC analyst at an MSSP with about 1+ yr experience (started as an "intern" but basically did the same work as full-timers for less pay). Current situation: I spend 12-14 hours a day at work closing/escalating tickets, 99% of which are false positives. Our team is based in 2 locations; the security engineering team is at a different location, and analysts there get way more opportunities for rule tuning, automation projects, SOAR and actual...

Moving away from Operations

cybersecurity www.reddit.com

I am a SOC Analyst at an MDR provider, currently an L1/junior. I have done 6 months of internship and have since been a full-time analyst for 14 months. I have learnt SOAR, developed some mid-range playbooks and, using LLMs, modified response action scripts to suit our needs better. Now there is a requirement for a full-time implementation engineer for SOAR and they are considering me as well for that. Over the year I developed my skills enough to do decent investigations, threat hunts...