SOAR @ SolarNet

SOAR is a frequently used term these days in the world of cyber security; it stands for Security Orchestration, Automation and Response. As cyber security threats increase in volume and velocity, SOCs are struggling to synchronise the many tools, employees and data silos in their organisations.

A SOAR platform provides a means of weaving human and machine tasks together into a unified orchestration that centralises operations for efficiency and effectiveness, and simplifies many of the operational processes that make up a SOC’s day-to-day activities.

SOAR operationalises the incident response process via playbooks or workflows, which help identify malicious behaviours or intent and can then orchestrate the next steps in threat mitigation or remediation depending on where in the kill-chain the activity has been identified.

Whether or not a traditional SIEM (Security Information and Event Management) is in place to amalgamate and correlate security event data from a variety of log sources (e.g. network infrastructure such as firewalls and load balancers, or end user machines), a SOAR platform can be the key to identifying a potential threat before it escalates into a “real” threat.

SOAR platforms can integrate with a SIEM or with a disparate set of systems and tools in order to obtain the crucial early warning signs that malicious or suspicious activities are being performed by threat actors.

The key objectives for any SOAR platform are to:

  • Rapidly uncover and disrupt complex cyber-attacks via orchestration.
  • Assign tasks to analysts, and track them, based on custom benchmarks, roles and responsibilities.
  • Capture key custodians and digital and physical evidence for forensic analysis.
  • Drive efficiency and flexibility in the processes associated with incident response.
  • Provide the data required to create detailed metrics as part of the incident lifecycle.

The MITRE ATT&CK® framework is used as part of the kill-chain analysis during the incident lifecycle. MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
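To make the playbook idea above concrete, here is a small SOAR-style playbook engine written for this page as an added example; it is not SolarNet, D3 or any other vendor's code. It takes an alert tagged with an ATT&CK technique ID, maps it to a tactic (the kill-chain stage), runs the response steps defined for that stage, assigns the case by role, records evidence with its custodian, and produces the lifecycle metrics a SOC manager would report on. The alert format, the playbook table, the analyst roles and the sample alerts are all constructed assumptions; the four technique-to-tactic entries are a tiny subset of the public ATT&CK knowledge base, and an unmapped technique falls through to manual triage rather than being dropped.

```python
"""Toy SOAR playbook engine (added example; not SolarNet or D3 code)."""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Small subset of the public MITRE ATT&CK technique -> tactic mapping. The real
# knowledge base has hundreds of techniques; only these four are used here.
TECHNIQUE_TACTIC = {
    "T1566": "initial-access",    # Phishing
    "T1059": "execution",         # Command and Scripting Interpreter
    "T1021": "lateral-movement",  # Remote Services
    "T1486": "impact",            # Data Encrypted for Impact
}

# Constructed playbook table: response steps per kill-chain stage. Later stages
# get more disruptive containment plus more evidence collection.
TACTIC_PLAYBOOK = {
    "initial-access":   ["quarantine_email", "notify_user"],
    "execution":        ["isolate_host", "collect_process_tree"],
    "lateral-movement": ["isolate_host", "disable_account", "collect_auth_logs"],
    "impact":           ["isolate_host", "disable_account", "snapshot_disk", "escalate_major_incident"],
    "unknown":          ["manual_triage"],   # unmapped technique: a human looks first
}

# Constructed roster: which analyst role picks up which stage.
ROLE_FOR_TACTIC = {
    "initial-access": "tier1", "execution": "tier2", "lateral-movement": "tier2",
    "impact": "incident-commander", "unknown": "tier1",
}

# Steps that act on the user rather than the host, and steps that produce forensic artefacts.
USER_SCOPED_STEPS = {"quarantine_email", "notify_user", "disable_account"}
EVIDENCE_STEPS = {"collect_process_tree", "collect_auth_logs", "snapshot_disk"}


@dataclass
class Alert:
    alert_id: str
    source: str        # tool that raised it, e.g. "siem", "edr", "email-gateway"
    technique: str     # ATT&CK technique ID as tagged by the source tool
    host: str
    user: str
    raised_at: datetime


@dataclass
class Case:
    alert: Alert
    tactic: str
    assignee: str
    actions: List[str] = field(default_factory=list)
    evidence: List[Tuple[str, str]] = field(default_factory=list)  # (artefact, custodian)
    opened_at: Optional[datetime] = None
    closed_at: Optional[datetime] = None

    def time_to_contain(self) -> timedelta:
        """Alert raised -> containment complete (one of the lifecycle metrics)."""
        return self.closed_at - self.alert.raised_at


def run_playbook(alert: Alert, now: datetime) -> Case:
    """Map the alert to a tactic, run that stage's playbook, assign by role and
    record every action and artefact so the case is auditable."""
    tactic = TECHNIQUE_TACTIC.get(alert.technique, "unknown")
    case = Case(alert=alert, tactic=tactic, assignee=ROLE_FOR_TACTIC[tactic], opened_at=now)
    for step in TACTIC_PLAYBOOK[tactic]:
        target = alert.user if step in USER_SCOPED_STEPS else alert.host
        case.actions.append(f"{step}:{target}")
        if step in EVIDENCE_STEPS:
            # Evidence is logged with its custodian (the assignee) for chain of custody.
            case.evidence.append((f"{step}@{alert.host}", case.assignee))
    case.closed_at = now  # the toy engine completes its automated steps in one pass
    return case


def run_all(alerts: List[Alert], now: datetime) -> List[Case]:
    return [run_playbook(a, now) for a in alerts]


def metrics(cases: List[Case]) -> dict:
    """Case count per tactic, evidence items captured, and mean alert-to-containment seconds."""
    by_tactic = Counter(c.tactic for c in cases)
    evidence_items = sum(len(c.evidence) for c in cases)
    mean_ttc = sum(c.time_to_contain().total_seconds() for c in cases) / len(cases)
    return {"by_tactic": dict(by_tactic), "evidence_items": evidence_items, "mean_ttc_s": mean_ttc}


# Constructed sample alerts: a phish, a lateral-movement detection, and one with an
# unmapped technique ID (T9999 is not a real ATT&CK ID; it exercises the fallback).
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
NOW = T0 + timedelta(minutes=15)
SAMPLE_ALERTS = [
    Alert("A-1", "email-gateway", "T1566", "ws-017", "j.doe", T0),
    Alert("A-2", "edr", "T1021", "srv-db-02", "svc-backup", T0 + timedelta(minutes=5)),
    Alert("A-3", "siem", "T9999", "ws-042", "a.smith", T0 + timedelta(minutes=12)),
]

if __name__ == "__main__":
    cases = run_all(SAMPLE_ALERTS, NOW)
    for c in cases:
        print(c.alert.alert_id, c.tactic, c.assignee, c.actions, c.evidence)
    print(metrics(cases))
```

The point to take from it is the separation of concerns: the tool that raised the alert only has to tag a technique; the stage-to-playbook table decides how aggressive containment is; and every action and artefact is written to the case record, which is what makes the metrics in the last objective possible without extra work from the analyst.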

“With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.” - MITRE ATT&CK®

How can Solarnet Communications help you with everything SOAR?

Solarnet Communications has a breadth of knowledge and expertise within the SOAR arena, covering a multitude of activities associated with SOAR platforms. Regardless of the size of your business, if you are looking to purchase a SOAR platform, or you already have one but are struggling to maximise its potential, then we can help.

We pride ourselves on being one of the few specialist companies that truly understand SOAR and its application within all business models. Here are some areas that we can assist you with:

  • Business Process Translation/Transformation into SOAR Frameworks
  • Platform Deployment
  • Platform Technology Advice
  • Platform Integrations, Inception and Development (covering but not limited to):
      • Anomali ThreatStream
      • Bespoke Tools / Custom Integrations
      • Bricata
      • FireEye HX
      • Microsoft Graph
          • AIR - Automated Incident Response
          • Azure AD
          • Emails
          • Threat Protection
          • Security and Compliance Center
      • Qualys
      • QRadar / QROC
      • ServiceNow
  • Workbook / Playbook Inception and Development

Solarnet has recently become a fully-fledged channel partner of D3 Security, who are based in Vancouver, Canada, and provide the world's most comprehensive, integrated SOAR platform.

“We are really excited about this partnership combining D3’s award winning SOAR platform with our own knowledge and expertise in cyber security, the potential is huge!”


Having worked with many SOAR platforms, such as Demisto, Splunk Phantom and Swimlane, we found that D3’s SOAR platform stood head and shoulders above the rest. Not only does it offer both case and incident modules covering the complete cyber security lifecycle, but it also has an embedded MITRE ATT&CK Matrix which gives analysts the context they need to address advanced threats as they happen.

The intuitive user interface allows you to build codeless playbooks that enable easily adaptable workflows and integrations with minimal maintenance, and it doesn’t stop there. If you can’t find a pre-built integration to orchestrate your workflow tasks among the 360+ available, you can simply build your own using the wealth of customisations the platform has to offer; the only limitation is your own imagination.

Establishing the right metrics and demonstrating performance through trend reporting are critical for SOC managers. D3 provides a report library, plus a slice-and-dice report-builder that allows you to track any number of proactive and reactive metrics, which can be easily exported directly to Snowflake or PowerBI datasets for all your data modelling needs.

This is why Solarnet are proud to be partners of D3 Security and rate their product as the best choice on the SOAR market today!