{"id":5418,"date":"2022-03-03T16:13:00","date_gmt":"2022-03-03T16:13:00","guid":{"rendered":"http:\/\/www.sumologic.com\/blog\/want-to-improve-collaboration-and-reduce-incident-response-time-try-cloud-soar-war-room"},"modified":"2025-06-17T07:51:48","modified_gmt":"2025-06-17T15:51:48","slug":"want-to-improve-collaboration-and-reduce-incident-response-time-try-cloud-soar-war-room","status":"publish","type":"blog","link":"https:\/\/www.sumologic.com\/blog\/want-to-improve-collaboration-and-reduce-incident-response-time-try-cloud-soar-war-room","title":{"rendered":"Want to improve collaboration and reduce incident response time? Try Cloud SOAR War Room"},"content":{"rendered":"\n
\n
\n
\n
\n

In the last twenty years, more technology has been produced since the beginning of human history. And while we have talked about industrial automation since 1952, the complexity of today\u2019s cybersecurity analyst activities makes the need to embrace automation paramount.<\/p>\n\n\n\n

Cybersecurity is not just a technology issue\u2014processes are key <\/h2>\n\n\n\n

The most crucial factor in the security operation center (SOC) is having a plan to respond to incidents. Cybersecurity serves the business and it is important to take its mandates into account when creating standard operating procedures (SOPs)<\/a> for business continuity. Often legacy SOCs fail to assess alerts promptly because there are too many processes to follow and too many tools to manage.<\/p>\n\n\n\n

Sumo Logic Cloud SOAR<\/a> (security orchestration, automation and response) accelerates incident response time by operationalizing SOPs and maximizing overall SOC efficiency<\/a>. <\/p>\n\n\n\n

The one thing SOC teams need to avoid when facing a potential cyberattack is improvisation.<\/p>\n\n\n\n

This blog discusses core features of SOAR to enhance collaboration and speed the incident response process, including the new War Room feature that helps capture and detail the specificities of each incident.<\/p>\n\n\n\n

Cloud SOAR improves SOPs by boosting automation<\/h2>\n\n\n\n

Over the years, the types of attacks have increased significantly. Many different technologies are necessary to prevent and respond to threats. SOAR leverages automation in response processes, ingesting alerts generated by different technologies used in the SOC, such as those from SIEM<\/a> (security information and event management) solutions.
<\/p>\n\n\n\n

SOAR starts where SIEM ends
<\/h3>\n\n\n\n

SOAR receives alerts and insights from SIEM<\/a>, suggesting to analysts the right processes to activate based on the type of threat. This allows the cyber team to leverage automation for alert enrichment by collecting and organizing data from many different technologies in the case manager. Furthermore, it facilitates analysts’ work by assigning only those tasks where human intervention is essential, leaving the rest to automation.<\/p>\n\n\n\n

The SecOps dashboard\u2014all analyst tasks in one place<\/h2>\n\n\n\n

The Cloud SOAR SecOps dashboard helps analysts when human interaction is needed. Analysts have all tasks in one place where they can choose whether to complete, assign, close, reassign or decline their automatically assigned actions, user choices and tasks. They can review playbook suggestions and use the search query bar<\/a> to optimize workflow processes, easily customize the viewing perspective and choose which data they want to see.
<\/p>\n\n\n\n

The Cloud SOAR SecOps dashboard puts analyst tasks in one place<\/em>
<\/p>\n\n\n\n

Implementing automation in SecOps, especially for time-consuming and low-risk tasks can dramatically improve analyst effectiveness and productivity. At the same time, it is critical to have full visibility into what has been done until the analyst took action. This is why the newly introduced War Room is such an important feature.
<\/p>\n\n\n\n

The role of War Room in day-to-day activities<\/h2>\n\n\n\n

The goal of Cloud SOAR War Room is to provide a complete and detailed picture of a specific incident process in one single page.. It allows analysts to see all the data collected in a well-structured way so that they can easily make insightful decisions.
<\/p>\n\n\n\n

War Room timeline<\/em><\/p>\n\n\n\n

With War Room, the cyber team sees everything that happened in a specific incident in chronological order. Using the familiar concept of a timeline, the War Room shows a detailed view of every relevant event that happened during a specific incident.<\/p>\n\n\n\n

The cyber team can filter the results according to their specific needs and analyze all the information collected and actions performed, including:
<\/p>\n\n\n\n