
Security Orchestration, Automation and Response (SOAR)
Gartner defines SOAR as solutions that combine incident response, orchestration and automation, and threat intelligence platform management capabilities in a single solution.
SOAR tools can be used for many security operations tasks, including:
Documenting and implementing processes, supporting security incident management.

How does it work?

Data entry
The input commands define the sources of information (Lynx, SIEMs, databases, files, APIs, among others) from which the data will be extracted for the evaluation.

Data processing and transformation
The processing commands are used to select and process the raw data in order to contextualize the situation using filters, correlations with other sources, counting and various other tools.

Response, orchestration and automation
The outgoing commands initiate the response based on the results of the processing, such as sending emails, notifications and alarms or creating firewall (FW) rules, among others.

Zerum Okami highlights

Playbooks for immediate action
Playbooks offer a standardized response and processes for cyber security incidents and describe the steps from detection to the conclusion of the incident, considering all the phases of the Cyber Kill Chain.
Automation with a few clicks
Users are provided with graphical tools to facilitate the creation, implementation and application of Playbooks, with an extensive library of pre-configured scripts for the rapid composition of comprehensive Playbooks.


Tailor-made execution for each scenario
Different settings to define parameters such as the frequency and time of execution, the priority of the findings, among others.
Fast returns, in one place
The results screen brings together the feedback from the Playbooks you’ve run, so you can consult the information quickly and centrally. Few clicks, lots of effect.


Complete library of use cases
The Playbooks library covers a wide variety of use cases, made up of several scripts that work together to deliver the result.
Easy and reusable customization
If the user needs a customized script, the graphical interface allows quick testing of scripts and subsequent storage to use the same logic in other contexts.

Questions and answers
Yes. Users can configure everything from the frequency of playbook execution to parameters such as event priority, time windows and conditional triggers. In addition, the graphical interface allows you to quickly create, test and reuse customized scripts, even for specific cases that are not covered by the library’s standard playbooks.
Okami offers an extensive library of pre-configured playbooks for the main security use cases. Each playbook is made up of ZML scripts that work together to perform actions such as blocking IPs, isolating machines, sending alerts and more.
Our SOAR has been designed to be extremely intuitive and easy to use, with just 3 basic, standardized commands. In addition, Okami offers a user-friendly graphical interface and the possibility of integration with Omnvision, where Artificial Intelligence can be used to assist in the creation of scripts. For more technical users, the language can be used for advanced customizations – but it’s not a barrier to initial use.
Yes. As well as integrating perfectly with Zerum’s proprietary solutions, Okami also connects to various tools from different manufacturers. What’s more, the platform isn’t just limited to cybersecurity integrations – it allows the creation of playbooks that cover areas such as performance and other corporate operations. Among the integrations available are the automatic opening of tickets in ITSM systems, the sending of notifications via Slack and Telegram, as well as a wide range of functionalities, including active actions in various security tools.