STREAMLINING THREAT RESPONSE AND AUTOMATING CRITICAL USE CASES WITH SECURITY ORCHESTRATION, AUTOMATION AND RESPONSE (SOAR)

Authors

  • Asia Othman Aljahdali, University of Jeddah, College of Computer Science and Engineering, Cybersecurity Department, Saudi Arabia
  • Raghad Alsulami, University of Jeddah, College of Computer Science and Engineering, Cybersecurity Department, Saudi Arabia

DOI:

https://doi.org/10.29121/digisecforensics.v2.i1.2025.45

Keywords:

Incident Response, Cyberattacks, Security Information and Event Management (SIEM), Security Operations Centers (SOC)

Abstract

Incident response (IR) is the process of detecting the existence of a threat and minimizing its impact. The incident response team needs to work proactively to defend the network against cyberthreats. Streamlining and automating the threat response process supports this goal and improves the incident response workflow. Automating important use cases lets the incident response team concentrate on analysis and decision-making. The most common critical use cases in today's cyberspace are brute forcing, vulnerability management, port scanning, and phishing. Security Orchestration, Automation and Response (SOAR) technology complements existing security technologies to provide continuous protection. This study implements an automated system that aims to facilitate incident response in Security Operations Centers (SOCs). The project streamlines several critical use cases: preventing phishing attacks, brute force attacks and port scanning, and detecting vulnerabilities on Windows OS. The project does not merely generate an automated response; it focuses on making that response as effective as possible. The automated responses are designed in accordance with cybersecurity best practices.
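
As an added illustration of the brute-force and port-scanning use cases named in the abstract (example code written for this page, not the system implemented in the paper), the following Python playbook runs two detections over a constructed log sample and decides a response action for each alert. The syslog and firewall line formats, the thresholds, the action names and the allowlist are all assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log, not taken from the paper: six SSH failures from one
# source, two from a legitimate user who mistyped a password, a twelve-port
# sweep from a second source, and a single firewall deny from the legitimate user.
def _build_sample_log() -> str:
    lines = []
    for i in range(6):
        lines.append(f"Mar 10 10:0{i}:01 bastion sshd[1234]: Failed password for invalid user admin "
                     f"from 203.0.113.10 port 5{i}000 ssh2")
    for i in range(2):
        lines.append(f"Mar 10 10:10:0{i} bastion sshd[1240]: Failed password for alice "
                     f"from 192.0.2.44 port 51000 ssh2")
    for port in (21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389):
        lines.append(f"Mar 10 10:20:00 fw kernel: DENY IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT={port}")
    lines.append("Mar 10 10:21:00 fw kernel: DENY IN=eth0 SRC=192.0.2.44 DST=10.0.0.5 PROTO=TCP DPT=8080")
    return "\n".join(lines)

SAMPLE_LOG = _build_sample_log()

# Assumed log formats: OpenSSH-style auth failures and a netfilter-style DENY line.
AUTH_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
FW_DENY = re.compile(r"DENY .*SRC=(\d+\.\d+\.\d+\.\d+) .*DPT=(\d+)")


@dataclass
class Alert:
    use_case: str        # "brute_force" or "port_scan"
    source_ip: str
    evidence: int        # failed logins counted, or distinct ports probed
    actions: list[str]   # response actions the playbook would dispatch (hypothetical names)


def detect_brute_force(lines, threshold=5):
    """Count failed logins per source IP; alert once a source reaches the threshold."""
    fails = defaultdict(int)
    for line in lines:
        m = AUTH_FAIL.search(line)
        if m:
            fails[m.group(2)] += 1
    return [Alert("brute_force", ip, n, ["block_ip", "open_ticket"])
            for ip, n in fails.items() if n >= threshold]


def detect_port_scan(lines, threshold=10):
    """Count distinct destination ports per source; a wide sweep is treated as a scan."""
    ports = defaultdict(set)
    for line in lines:
        m = FW_DENY.search(line)
        if m:
            ports[m.group(1)].add(int(m.group(2)))
    return [Alert("port_scan", ip, len(p), ["block_ip", "open_ticket"])
            for ip, p in ports.items() if len(p) >= threshold]


def run_playbook(log_text, allowlist=frozenset()):
    """Run both detections and decide the response for each alert.

    Sources on the allowlist (for example the SOC's own vulnerability scanner)
    are never auto-blocked: the alert is kept but downgraded to a ticket only,
    so the automation cannot cut off the team's own tooling.
    """
    lines = log_text.splitlines()
    alerts = detect_brute_force(lines) + detect_port_scan(lines)
    for alert in alerts:
        if alert.source_ip in allowlist:
            alert.actions = ["open_ticket"]
    return alerts


if __name__ == "__main__":
    for alert in run_playbook(SAMPLE_LOG, allowlist={"198.51.100.7"}):
        print(alert)
```

The allowlist step is the part worth copying: an auto-block playbook that has no exception path for the organisation's own scanners and monitoring hosts will eventually block them, which is why the response is downgraded rather than skipped, so the analyst still sees the event.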

Published

2025-05-20

How to Cite

Aljahdali, A. O., & Alsulami, R. (2025). STREAMLINING THREAT RESPONSE AND AUTOMATING CRITICAL USE CASES WITH SECURITY ORCHESTRATION, AUTOMATION AND RESPONSE (SOAR). Journal of Digital Security and Forensics, 2(1), 36–57. https://doi.org/10.29121/digisecforensics.v2.i1.2025.45