Splunk Lantern

Stage 4 of the SOAR Adoption Maturity Model

Characteristics of an organization in the Fully Proactive stage

At stage 4, the organization is fully aware of what they need to do and how to do it.

The SOC at this stage might be described as a centralized SOC, coordinated SOC, hierarchical SOC, federated SOC, national SOC, or managed SOC. The CISO runs a standard or hybrid SOC. The hybrid SOC has more L3 resources than L2 resources, and SOC teams build detections with automation and response processes. Threat intelligence analysis is used deeply, and forensic triage is performed on all host, network, and account compromises.

What happens at this stage

The end goal of stage 4 is to use highly customized playbooks that consistently automate advanced workflows. Once this is achieved, the organization is in the top 5% of SOCs. The main value of this stage is root cause analysis, speed, scale, and consistency in daily operations.

Common use cases

  • Advanced countermeasures
  • Automated response tasks
  • Integrated threat intelligence
  • Automated observable

For more Splunk SOAR use cases, see the Security Use Case Library.

Common SOAR applications

  • Custom integrations and apps (On-Prem or Cloud)
  • Needs full development capabilities

For more information on Splunk SOAR Connectors and to engage with the developers, see the GitHub repository.

Common SOAR playbooks