Exam SY0-601 topic 1 question 69 discussion

SOAR allows for automation of IR

SOAR (Security Orchestration, Automation, and Response) Can use either playbook or runbook. It assists in collecting threat related data from a range of sources and automate responses to low level threats. (frees up some of the CSIRT time)

SOAR is correct

.."large amounts of the analysts' time due to manual tasks being performed" In need of Automation?

SOC (Security Operations Center) can improve its incident response time and efficiency by implementing a SOAR (Security Orchestration, Automation, and Response) platform with customizable playbooks. SOAR platforms help automate and streamline various security tasks and processes, allowing analysts to respond to incidents more quickly and effectively. By using customizable playbooks, the SOC can define automated workflows tailored to their specific incident response needs, reducing manual efforts and improving overall response time to security incidents.

Implementing a SOAR with customizable playbooks would be the best solution to improve the SOC's response time in this scenario. SOAR platforms are designed to streamline and automate incident response processes, allowing security analysts to respond more efficiently to security incidents. By creating customizable playbooks, the SOC can define predefined response actions and automate the execution of common and repetitive tasks. This reduces the reliance on manual processes and enables faster response times. The playbooks can include automated investigation, enrichment of data with OSINT (Open Source Intelligence), and execution of response actions based on predefined rules and logic.

SOAR is automated, and includes security orchestration and response to help resolve security issues more efficiently and timely.

Sounds like football but ok