S
Security, Orchestration, Automation, and Response (SOAR)
(Context: Information Systems Security)
A stack of capabilities that enable an organization to collect data about security threats and respond to security events without human assistance. The goal of using a SOAR platform is to improve the efficiency of physical and digital security operations through security orchestration, security automation, and security response. Security orchestration connects and integrates with monitoring tools in the environment, such as vulnerability scanners, endpoint protection products, end-user behavior analytics, firewalls, intrusion detection and intrusion prevention systems (IDSes/IPSes), and external threat intelligence feeds. Security automation consumes the data from the orchestrated systems to automatically conduct vulnerability scanning and log analysis. Security response is a set of actions, based on an incident playbook, that are carried out once a threat is detected.
Reference:
https://www.vita.virginia.gov/media/vitavirginiagov/it-governance/ea/pdf/Event-Log-Management.pdf