{"id":397444,"date":"2025-05-05T15:27:24","date_gmt":"2025-05-05T15:27:24","guid":{"rendered":"https:\/\/pandorafms.com\/?p=397444"},"modified":"2026-01-21T16:21:16","modified_gmt":"2026-01-21T16:21:16","slug":"what-is-soar","status":"publish","type":"post","link":"https:\/\/pandorafms.com\/en\/it-topics\/what-is-soar\/","title":{"rendered":"What Is SOAR and Why It Is Key in Modern Cybersecurity"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;Section&#8221; _builder_version=&#8221;4.22.0&#8243; _module_preset=&#8221;default&#8221; custom_margin=&#8221;0px||0px||false|false&#8221; custom_padding=&#8221;0px||0px||false|false&#8221; locked=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_row column_structure=&#8221;1_4,3_4&#8243; _builder_version=&#8221;4.27.0&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;50px||||false|false&#8221; custom_css_main_element=&#8221;z-index:0!important;&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;1_4&#8243; disabled_on=&#8221;on|on|off&#8221; _builder_version=&#8221;4.22.0&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;||||false|false&#8221; sticky_position=&#8221;top&#8221; sticky_offset_top=&#8221;100px&#8221; sticky_limit_bottom=&#8221;section&#8221; motion_trigger_start=&#8221;top&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text admin_label=&#8221;indice&#8221; _builder_version=&#8221;4.27.0&#8243; _module_preset=&#8221;default&#8221; custom_margin=&#8221;||0px||false|false&#8221; custom_padding=&#8221;||14px||false|false&#8221; link_option_url=&#8221;#1&#8243; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"font-size: 0.9em; line-height: 1.4em; color: #333333;\"><strong>Sections<\/strong><\/p>\n<ul class=\"ittopicsul\">\n<li><a href=\"#1\">What Is SOAR?<\/a><\/li>\n<li><a href=\"#2\">Key Components of a SOAR Solution<\/a><\/li>\n<li><a href=\"#3\">How Does a SOAR Work?<\/a><\/li>\n<li><a href=\"#4\">Benefits of Implementing a SOAR in Your Organization<\/a><\/li>\n<li><a href=\"#5\">Common Use Cases for SOAR<\/a><\/li>\n<li><a href=\"#6\">Differences Between SOAR and SIEM: Rivalry or Complement?<\/a><\/li>\n<li><a href=\"#7\">Integration of SOAR with Other Security Tools<\/a><\/li>\n<li><a href=\"#8\">Considerations Before Implementing a SOAR Solution<\/a><\/li>\n<li><a href=\"#9\">SOAR in the Pandora FMS Ecosystem<\/a><\/li>\n<\/ul>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;3_4&#8243; _builder_version=&#8221;4.27.0&#8243; _module_preset=&#8221;default&#8221; custom_css_main_element=&#8221;z-index:0!important;&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text admin_label=&#8221;seccion&#8221; module_id=&#8221;1&#8243; module_class=&#8221;ittopicscontent&#8221; _builder_version=&#8221;4.27.0&#8243; _module_preset=&#8221;default&#8221; z_index=&#8221;0&#8243; custom_margin=&#8221;0px||0px||true|false&#8221; custom_padding=&#8221;0px||0px||false|false&#8221; custom_css_main_element=&#8221;font-family:%22Pandora-Light%22;&#8221; locked=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221;]In cybersecurity, there\u2019s something almost as abundant as vulnerabilities: acronyms. And today, we\u2019re focusing on one that\u2019s essential if we want our cybersecurity department to operate at peak efficiency <strong>SOAR, which stands for Security Orchestration, Automation, and Response<\/strong>.<br \/>\nImplementing SOAR effectively can make the difference between a sluggish, manual response and one that is fast, intelligent, and efficient. That\u2019s why in this post, we\u2019ll break down what SOAR is, what it\u2019s used for, how it works, and how it can dramatically increase your effectiveness in responding to threats\u2014or at the very least, make your workdays a bit smoother.<\/p>\n<h2 id=\"1\">What Is SOAR?<\/h2>\n<p>Movies often portray cybersecurity as a battle between genius hackers typing arcane commands in a black terminal window\u2014furiously banging on keyboards until someone says, \u201cI\u2019m in.\u201d<br \/>\n Reality, however, looks a lot more like keyboards full of Dorito crumbs, script kiddies pasting commands they don\u2019t understand, endless spam and phishing emails, and users clicking exactly where you told them not to.<br \/>\nIn that context, SOAR\u2014Security Orchestration, Automation, and Response\u2014is a technology designed to achieve two critical objectives:<\/p>\n<ul class=\"lista\">\n<li><strong>Orchestration<\/Strong>: Coordinating timely and synchronized responses to major threats.<\/li>\n<li><strong>Automation<\/Strong>: Streamlining and executing optimal responses to recurring, low-complexity security incidents.<\/li>\n<\/ul>\n<p>Given today\u2019s threat landscape, implementing SOAR is no longer optional for organizations of a certain size, complexity, or strategic importance. Why? Because modern cybersecurity is less about single epic attacks and more about \u201cdeath by a thousand cuts.\u201d<br \/>\nPort scans, phishing emails, and leaked credentials on the dark web flood our environments daily. We\u2019re like Gulliver, overwhelmed not by giants, but by a relentless swarm of tiny attackers.<br \/>\nIn this scenario, if you\u2019re not automating, your experts are bogged down with repetitive manual mitigation tasks instead of focusing on high-value threats. It\u2019s a waste of talent.<\/p>\n<p><strong>SOAR handles these repetitive, necessary tasks automatically<\/strong>not to replace your <a href=\"https:\/\/pandorafms.com\/en\/it-topics\/what-is-security-operations-center-soc\/\" target=\"_blank\" rel=\"noopener\">SOC<\/a>, but to empower it. It frees your cybersecurity team to focus on advanced analysis and strategic defense, while automation deals with tasks like IP banning or phishing ticket workflows.<br \/>\nWithout SOAR, your organization is more vulnerable. While your top analysts are buried in low-level alert response and ticket management, an attacker may be moving laterally from a compromised IoT device to a printer, looking for ways to escalate privileges\u2014while your defenders are still manually handling the latest DDoS flood.<\/p>\n<h2 id=\"2\">Key Components of a SOAR Solution<\/h2>\n<p>The pillars of a SOAR solution are built right into its name:<\/p>\n<ul class=\"lista\">\n<li><strong>Orchestration<\/strong>.<\/li>\n<li><strong>Automation<\/strong>.<\/li>\n<li><strong>Response<\/strong>.<\/li>\n<\/ul>\n<p>Orchestration refers <strong>to the coordination of security tools and systems<\/strong>, such as <a href=\"https:\/\/pandorafms.com\/en\/it-topics\/siem\/\" target=\"_blank\" rel=\"noopener\">SIEMs<\/a>, EDRs, firewalls, and others. Depending on the specific SOAR platform, this orchestration can be implemented via APIs, prebuilt connectors, or custom integrations.<br \/>\nThis orchestration sets the stage for the next core component: <strong>automated countermeasures<\/strong>.<br \/>\nA simple example would be scanning email attachments. In a SOAR platform, you can create a response flow (known as a playbook, which we\u2019ll dive into later) to handle this. The playbook might scan the attachments, determine if they contain malware, and, if so, block the sender and quarantine the message. If the sender is internal (from the company\u2019s domain), it might even send an alert to the user and proactively lock the account as a precaution.<br \/>\nThese automated response playbooks are highly flexible\u2014and they make sure your engineers don\u2019t spend five years of training manually scanning attachments and suspending accounts.<br \/>\nFinally, there\u2019s the response itself. In many cases, the automated workflows described above will already include response actions. These responses vary depending on the threat.<br \/>\nFor example, for routine issues like the one above, a SOAR can automatically block an internal account. For more complex scenarios, you can define a playbook that requires human approval\u2014such as escalating to the SOC with an alert and letting analysts take action.<\/p>\n<h2 id=\"3\">How Does a SOAR Work?<\/h2>\n<p>At the core of how a SOAR operates are the <strong>playbooks<\/strong> we mentioned earlier.<br \/>\nA playbook\u2014a term borrowed from sports like American football, where it refers to predefined strategies the team can execute on cue\u2014is an automated workflow that tells the SOAR what actions to take in specific scenarios.<br \/>\nDepending on the SOAR solution in use, these workflows can be created using code (such as Python), or through a <strong>low-code or no-code interface<\/Strong>.<br \/>\nFor instance, Splunk SOAR allows users to build playbooks visually, creating flowcharts that define what happens at each stage\u2014no need to write out every if condition manually.<br \/>\nA typical example of how a playbook might run:<\/p>\n<ul class=\"lista\">\n<li>The SIEM sends an alert about a potential malware-laced email, based on data it received from an <a href=\"https:\/\/pandorafms.com\/en\/it-topics\/what-is-an-endpoint\/\" target=\"_blank\" rel=\"noopener\">endpoint<\/a> EDR installed on the CEO\u2019s laptop<\/li>\n<li>The SOAR receives the alert and triggers the relevant playbook.<\/li>\n<li>The playbook launches the first automated response actions, such as quarantining the suspicious email.<\/li>\n<li>Conditional logic built into the playbook adds flexibility<\/li>\n<li>If the email comes from an unknown external source, the playbook deletes it, blocks the sender, logs the event, and moves on\u2014no need to bother anyone, since this happens dozens of times a day.<\/li>\n<li>But if the email originates from the company\u2019s own domain, the situation might be more serious. Perhaps there\u2019s a misconfiguration with the DMARC policy. In that case, the playbook executes a hybrid response: it quarantines the message, logs the metadata, and escalates it to the SOC with all relevant details for investigation.<\/li>\n<\/ul>\n<p>It\u2019s important <strong>not to confuse playbook with runbooks<\/strong>. A runbook is more like a cookbook recipe\u2014a linear, step-by-step process for handling a routine operation, such as restarting a downed service.<br \/>\nPlaybooks, on the other hand, are more dynamic and decision-driven. They adapt based on conditions and branching logic rather than executing the same set of steps every time.<\/p>\n<h2 id=\"4\">Benefits of Implementing a SOAR in Your Organization<\/h2>\n<p>The advantages of a SOAR platform are clear. It\u2019s like reinforcing your small cybersecurity team with automated drones that deploy to the battlefield the moment your <a href=\"https:\/\/pandorafms.com\/en\/security-monitoring\/\" target=\"_blank\" rel=\"noopener\">security monitoring<\/a> tools detect a threat. This helps eliminate the constant stream of &#8220;small cuts&#8221; that bleed your resources dry.<br \/>\nSOAR implementation brings:<\/p>\n<ul class=\"lista\">\n<li><strong>Reduced Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)<\/strong><br \/>Faster threat detection and response times improve your security posture across the board.<\/li>\n<li><strong>Increased response capacity without increasing SOC headcount<\/strong><br \/>Your team can do more, better, and faster\u2014without burning out or needing to scale personnel.<\/li>\n<li><strong>Improved compliance<\/strong><br \/>Playbooks can be configured to automatically store the necessary data for <a href=\"https:\/\/pandorafms.com\/en\/it-topics\/what-is-cyber-forensics\/\" target=\"_blank\" rel=\"noopener\">forensic <\/a> audits or regulatory reporting, proving active infrastructure monitoring.<\/li>\n<li><strong>Fewer human errors in repetitive tasks<\/strong><br \/>Automated actions are consistent and fatigue-proof, reducing risks caused by inattention or burnout.<\/li>\n<li><strong>Standardized, more effective responses<\/strong><br \/>Responses are based on pre-built playbooks that reflect cybersecurity <a href=\"https:\/\/attack.mitre.org\/\" target=\"_blank\" rel=\"nofollow noopener\">best practices<\/a>, ensuring consistency and efficiency every time.<\/li>\n<\/ul>\n<h2 id=\"5\">Common Use Cases for SOAR<\/h2>\n<p>We\u2019ve already seen how <a href=\"https:\/\/www.acelerapyme.gob.es\/va\/novedades\/pindola\/que-es-el-soar-y-como-te-ayuda-mejorar-la-ciberseguridad\" target=\"_blank\" rel=\"nofollow noopener\">SOAR<\/A> can help manage threats without driving our engineers (even more) insane, but here are some other frequent use cases:<\/p>\n<ul class=\"lista\">\n<li><strong>Phishing or malware mitigation<\/strong>, as shown in previous examples.<\/li>\n<li><strong>Better alert and false positive management<\/strong>. As long as the playbook rules are solid\u2014for example, ignoring login attempts from internal IPs.<\/li>\n<li><strong>Faster incident investigation<\/strong>. For instance, consolidating logs from Active Directory, firewalls, and the EDR into a single incident report, rather than forcing the SOC team to comb through them individually.<\/li>\n<li><strong>Automatic mitigation of <a href=\"https:\/\/pandorafms.com\/en\/it-topics\/attack-ddos-security\/\" target=\"_blank\" rel=\"nofollow noopener\">DDoS attacks<\/a><\/strong>.<\/li>\n<li><strong>Automated compliance enforcement<\/strong>(audit reports, logging every action taken during an incident, etc.).<\/li>\n<li><strong>Automated patching of non-critical systems.<\/strong><\/li>\n<li><strong>Blocking malicious insider accounts<\/strong>  (e.g., when large-scale data downloads are detected).<\/li>\n<li>And more&#8230;<\/li>\n<\/ul>\n<h2 id=\"6\">Differences Between SOAR and SIEM: Rivalry or Complement?<\/h2>\n<p>In cybersecurity\u2014as in life\u2014there are no absolute black-and-white answers, nor are borders always clearly defined. On top of that, there&#8217;s a tendency for tools to expand their capabilities over time.<br \/>\nFor example, there\u2019s a strong incentive for an IDS like Snort not only to scan the network, but also to include prevention features, evolving into an IPS.<br \/>\nSIEM and SOAR usually occupy <strong>adjacent roles<\/strong> within a cybersecurity architecture. That proximity often leads to blurred lines, with each solution taking on functions traditionally associated with the other in an attempt to become more appealing.<br \/>\nHowever, <strong>SIEM and SOAR are elite specialists<\/strong>, each excelling in their respective areas:<\/p>\n<ul class=\"lista\">\n<li><strong>SIEM<\/strong> is the analyst\u2014skilled at gathering and correlating data, transforming raw information into actionable intelligence, often using machine learning to detect threats that aren\u2019t obvious at first glance.<\/li>\n<li><strong>SOAR<\/strong> is the responder\u2014built to take action based on that intelligence, offering broader and more flexible response capabilities.<\/li>\n<\/ul>\n<p>Yes, some SIEMs now include basic automated response features, and some SOAR platforms have limited data analysis capabilities\u2014but <strong>true cybersecurity strength lies in getting both to work together<\/strong>.<br \/>\nStill, it&#8217;s essential to note that <strong>response quality depends on the quality of the information received<\/strong>.<br \/>\nIf that data is poor, the SOAR platform may end up unnecessarily blocking IP addresses or deleting legitimate emails. That\u2019s why a robust SIEM\u2014capable of collecting, filtering, and interpreting threat data\u2014is critical to alerting the SOAR appropriately.<br \/>\nSummary: SIEM vs SOAR<\/p>\n<table class=\"PandoTable>\n<tbody>\n<tr>\n<td><\/td>\n<td>\n<p><strong>SIEM (Detection)<\/strong><\/p>\n<\/td>\n<td>\n<p><strong>SOAR (Response)<\/strong><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><strong>Primary Function<\/strong><\/p>\n<\/td>\n<td>\n<p>Collects and correlates logs to detect anomalies.<\/p>\n<\/td>\n<td>\n<p>Automates and coordinates incident response.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><strong>Focus<\/strong><\/p>\n<\/td>\n<td>\n<p>What&#8217;s happening?<\/p>\n<\/td>\n<td>\n<p>How do we fix it?<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><strong>Key Tasks<\/strong><\/p>\n<\/td>\n<td>\n<p>&#8211; Aggregate logs from multiple sources.<\/p>\n<p>&#8211; Generate rule-based alerts.<\/p>\n<p>&#8211; Ensure compliance (GDPR, ISO 27001&#8230;).<\/p>\n<\/td>\n<td>\n<p>&#8211; Execute response playbooks.<\/p>\n<p>&#8211; Orchestrate tools (EDR, firewall).<\/p>\n<p>&#8211; Manage false positives.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><strong>Automation<\/strong><\/p>\n<\/td>\n<td>\n<p>Limited.<\/p>\n<\/td>\n<td>\n<p>Advanced.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><strong>Human Interaction<\/strong><\/p>\n<\/td>\n<td>\n<p>Frequent.<\/p>\n<\/td>\n<td>\n<p>Reduces load through automation.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><strong>Practical Example<\/strong><\/p>\n<\/td>\n<td>\n<p>Detects 50 failed login attempts from an external IP and alerts the SOAR.<\/p>\n<\/td>\n<td>\n<p>Blocks the IP, resets the password, and notifies the SOC.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><strong>Key Benefit<\/strong><\/p>\n<\/td>\n<td>\n<p>Centralized visibility of threats.<\/p>\n<\/td>\n<td>\n<p>Fast, standardized incident response.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"7\">Integration of SOAR with Other Security Tools<\/h2>\n<p><strong>SOAR cannot function on its own.<\/strong> As we\u2019ve seen, it relies on its connection to the SIEM (if one is available) or to other programs (like an IDS) to inform it about what it needs to act on. However, it also depends on connecting to other devices to execute its playbooks. This is where orchestration comes in \u2014 conducting the various elements like an orchestra to respond to threats.<br \/>\nThis highlights the importance of APIs and connectors, ensuring they are easy to configure and that the solution can work well as part of a team.<br \/>\nLet\u2019s look at an example of a modern SOAR architecture and how its connections would function in a simple <a href=\"https:\/\/pandorafms.com\/en\/it-topics\/what-is-malware-how-to-prevent-it\/\" target=\"_blank\" rel=\"noopener\">malware<\/A> incident.<\/p>\n<ul class=\"lista\">\n<li>An unhappy employee arrives at the office with a USB drive full of malicious intent.<\/li>\n<li>They execute the malware contained on it, but the EDR monitors this action. Since it is connected to a SIEM, it reports the event, and the SIEM determines it\u2019s a threat and alerts the SOAR.<\/li>\n<li>The SOAR then triggers the pre-defined playbook for such cases, connecting with the EDR to stop the execution of the malicious file.<\/li>\n<li>At the same time, the SOAR connects to VirusTotal via API, for example, to submit the file for analysis.<\/li>\n<li>If VirusTotal responds positively (confirming the malware), SOAR reconnects with the EDR to block the infected device and opens a ticket in the ticketing system for the SOC, including all relevant details about the incident and the implicated user.<\/li>\n<\/ul>\n<p>As we can see, SOAR depends on connections with other technologies \u2014 both to receive information and to orchestrate an effective and automated response.<\/p>\n<h2 id=\"8\">Considerations Before Implementing a SOAR Solution<\/h2>\n<p>After reading all this, any cybersecurity leader would want that army of little \u201cprogrammable robots\u201d on their side\u2014handling tedious tasks without needing food, rest, or the occasional scolding (unlike their engineers).<br \/>\nHowever, SOAR isn\u2019t a silver bullet, nor is it suitable for every organization. Before jumping in, a few key considerations must be addressed.<\/p>\n<p><strong>First, conduct a needs assessment<\/strong>.<br \/>\nDepending on your available resources and the complexity of the infrastructure you need to protect, a full SOAR platform may not be necessary. Other tools with some automated response capabilities might be sufficient. It\u2019s important to understand that SOAR adds a layer of complexity, so ask yourself questions like:<\/p>\n<ul class=\"lista\">\n<li><strong>Are we spending too much time on repetitive tasks? <\/strong>If not, SOAR won\u2019t add much value. <\/li>\n<li><strong>Do we already use tools like SIEMs, IDSs, etc., that can be properly integrated with SOAR?<\/strong> Because a SOAR solution alone can\u2019t do much.<\/li>\n<li><strong>Do we have well-defined (but mostly manual) processes that could be handed off to a SOAR platform?<\/strong><\/li>\n<\/ul>\n<p>If the analysis shows a clear need for SOAR, then the next step is selecting the right solution. In real life, this choice is usually limited first by budget and second by complexity.<br \/>\nThere are open-source options like <a href=\"https:\/\/shuffler.io\/\" target=\"_blank\" rel=\"nofollow noopener\">Shuffle<\/a> with automated response capabilities. But while powerful, they can be difficult to configure and manage.<br \/>\nAnd while I love open source with all my heart, if your organization is strategic or faces high-risk scenarios, a commercial solution is often more appropriate. <strong>Splunk<\/strong> (now owned by Cisco) is one of the top choices, but not the only one. Other common platforms include <strong>Fortinet\u2019s Fortisoar<\/strong> and <strong>Microsoft Sentinel<\/strong>.<br \/>\nThen comes the deployment and integration phase, which will vary depending on the tool selected.<br \/>\nAfter deployment, you\u2019ll need to start small: test a few playbooks, verify that everything works as expected, implement them in production, and slowly expand from there.<\/p>\n<p>At the same time, keep in mind that <strong>SOAR changes SOC workflows<\/strong>.<br \/>\nThis means you won\u2019t just train staff on the new tool\u2014you\u2019ll also need to manage the shift in responsibilities, as many of the routine tasks (hopefully) get automated and your human analysts take on higher-value work.<\/p>\n<h2 id=\"9\">SOAR in the Pandora FMS Ecosystem<\/h2>\n<p><strong>Pandora SIEM is the ideal ally in any security architecture that includes a SOAR platform<\/strong>.Sitting right before the SOAR\u2019s automated response kicks in, it provides advanced information and alerting capabilities, enhancing effectiveness and significantly reducing workload.<br \/>\nBy acting as a centralized intelligence hub, <strong>Pandora SIEM prevents unnecessary or counterproductive playbook executions<\/strong>\u2014because once again, endpoints got blocked due to false positives, everyone&#8217;s yelling, you&#8217;re trying to reduce downtime, and secretly dreaming (with tears in your eyes) about becoming a gardener.<br \/>\n<strong>Pandora\u2019s integration isn\u2019t limited to SIEM\u2014it&#8217;s part of a broader ITSM ecosystem<\/strong>, designed to simplify operations across the board.<br \/>\nFor example, <strong>Pandora SIEM detects malicious activity and sends the alert to the SOAR platform<\/strong> which triggers the appropriate playbook. Let\u2019s say the incident is serious\u2014the automatic actions help contain the threat, but they aren\u2019t enough on their own.<br \/>\nIn that case, <strong>SOAR can automatically create a ticket in Pandora ITSM for the SOC, <\/strong>including all relevant information to speed up response and resolution times.<br \/>\nOr perhaps it was a false alarm. Maybe that port scan came from our own Blue Team checking for unsecured doors. The SOAR platform can detect that and, as part of the playbook, close the ticket in Pandora ITSM, specifying the reason and context.<\/p>\n<p><strong>That way, the SOC is free to focus on high-priority tasks\u2014like secretly gaming during work hours without anyone noticing.<\/strong><br \/>\nAs we&#8217;ve seen, SOAR helps solve one of the most widespread pain points in modern cybersecurity\u2014but it does require a prior needs assessment, proper budget allocation, and setup time.<\/p>\n<p>Still, <strong>once in place and properly configured, a SOAR solution expands your incident response capabilities <\/strong>by deploying &#8220;robotic drones&#8221; into the battlefield to handle the repetitive tasks\u2014so your human team can focus on what truly matters.[\/et_pb_text][et_pb_button button_url=&#8221;@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjM2MjI3MCJ9fQ==@&#8221; button_text=&#8221;\u2190 Back to IT Topics&#8221; button_alignment=&#8221;left&#8221; _builder_version=&#8221;4.22.0&#8243; _dynamic_attributes=&#8221;button_url&#8221; _module_preset=&#8221;default&#8221; custom_button=&#8221;on&#8221; button_text_size=&#8221;1em&#8221; button_text_color=&#8221;#0C312F&#8221; button_bg_color=&#8221;#FFFFFF&#8221; button_bg_color_gradient_direction=&#8221;90deg&#8221; button_bg_color_gradient_stops=&#8221;#82B92E 0%|#3CB92E 100%&#8221; button_bg_color_gradient_start=&#8221;#82B92E&#8221; button_bg_color_gradient_end=&#8221;#3CB92E&#8221; button_border_width=&#8221;1px&#8221; button_border_color=&#8221;#eaeaea&#8221; button_border_radius=&#8221;100px&#8221; button_use_icon=&#8221;off&#8221; z_index=&#8221;0&#8243; custom_margin=&#8221;60px||0px||false|false&#8221; custom_padding=&#8221;10px|50px|10px|50px|true|true&#8221; custom_padding_tablet=&#8221;&#8221; custom_padding_phone=&#8221;10px|20px|10px|20px|true|true&#8221; custom_padding_last_edited=&#8221;on|phone&#8221; custom_css_main_element=&#8221;right:0!important;||font-family:%22Pandora-Bold%22!important;&#8221; global_module=&#8221;367749&#8243; locked=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221; button_bg_color__hover_enabled=&#8221;on|desktop&#8221; button_bg_color_gradient_start__hover=&#8221;#eaeaea&#8221; button_bg_color_gradient_end__hover=&#8221;#f4f4f4&#8243; button_bg_color__hover=&#8221;#eaeaea&#8221; button_bg_enable_color__hover=&#8221;on&#8221; button_bg_use_color_gradient__hover=&#8221;on&#8221; button_bg_color_gradient_stops__hover=&#8221;#eaeaea 0%|#f4f4f4 100%&#8221;][\/et_pb_button][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; custom_padding_last_edited=&#8221;on|desktop&#8221; admin_label=&#8221;Final CTA&#8221; _builder_version=&#8221;4.22.0&#8243; _module_preset=&#8221;default&#8221; background_color=&#8221;#161327&#8243; use_background_color_gradient=&#8221;on&#8221; background_color_gradient_stops=&#8221;rgba(22,19,39,0.5) 17%|rgba(22,19,39,0.5) 100%&#8221; background_color_gradient_overlays_image=&#8221;on&#8221; background_image=&#8221;https:\/\/pandorafms.com\/wp-content\/uploads\/2024\/01\/Try-Pandora-FMS-scaled.webp&#8221; background_position=&#8221;top_center&#8221; background_vertical_offset=&#8221;0%&#8221; z_index=&#8221;1&#8243; max_width=&#8221;1080px&#8221; max_width_tablet=&#8221;98%&#8221; max_width_phone=&#8221;98%&#8221; max_width_last_edited=&#8221;on|tablet&#8221; module_alignment=&#8221;center&#8221; custom_margin=&#8221;80px||80px||true|false&#8221; custom_padding=&#8221;40px|20px|160px|20px|false|true&#8221; custom_padding_tablet=&#8221;40px|0px|120px|0px|false|true&#8221; custom_padding_phone=&#8221;40px|0px|120px|0px|false|true&#8221; scroll_scaling=&#8221;40|55|85|100|100%|120%|100%&#8221; motion_trigger_start=&#8221;top&#8221; background_last_edited=&#8221;off|desktop&#8221; border_radii=&#8221;off|20px|20px|20px|20px&#8221; border_color_all=&#8221;#ffffff&#8221; box_shadow_style=&#8221;preset1&#8243; box_shadow_vertical=&#8221;0px&#8221; box_shadow_blur=&#8221;80px&#8221; box_shadow_color=&#8221;#506da0&#8243; global_module=&#8221;367110&#8243; global_colors_info=&#8221;{}&#8221;][et_pb_row use_custom_gutter=&#8221;on&#8221; gutter_width=&#8221;2&#8243; make_equal=&#8221;on&#8221; _builder_version=&#8221;4.22.0&#8243; _module_preset=&#8221;default&#8221; max_width=&#8221;550px&#8221; module_alignment=&#8221;center&#8221; custom_margin=&#8221;0px||0px||true|false&#8221; custom_padding=&#8221;0px|0px|0px|0px|true|true&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.22.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.22.0&#8243; _module_preset=&#8221;default&#8221; header_2_font_size=&#8221;2em&#8221; text_orientation=&#8221;center&#8221; module_alignment=&#8221;left&#8221; custom_margin=&#8221;0px||20px||false|false&#8221; custom_padding=&#8221;0px||0px||true|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p class=\"h2-w\">Beyond limits, beyond expectations<\/p>\n<p>[\/et_pb_text][et_pb_button button_url=&#8221;https:\/\/pandorafms.com\/en\/free-trial\/&#8221; button_text=&#8221;Get your FREE Trial!&#8221; button_alignment=&#8221;center&#8221; button_alignment_tablet=&#8221;center&#8221; button_alignment_phone=&#8221;center&#8221; button_alignment_last_edited=&#8221;on|phone&#8221; _builder_version=&#8221;4.22.0&#8243; _module_preset=&#8221;default&#8221; custom_button=&#8221;on&#8221; button_text_size=&#8221;1em&#8221; button_text_color=&#8221;#ffffff&#8221; button_bg_use_color_gradient=&#8221;on&#8221; button_bg_color_gradient_direction=&#8221;90deg&#8221; button_bg_color_gradient_stops=&#8221;#82B92E 0%|#3CB92E 100%&#8221; button_bg_color_gradient_start=&#8221;#82B92E&#8221; button_bg_color_gradient_end=&#8221;#3CB92E&#8221; button_border_width=&#8221;0px&#8221; button_border_radius=&#8221;100px&#8221; button_use_icon=&#8221;off&#8221; z_index=&#8221;0&#8243; custom_margin=&#8221;40px||0px||false|false&#8221; custom_padding=&#8221;10px|40px|10px|40px|true|true&#8221; custom_padding_tablet=&#8221;&#8221; custom_padding_phone=&#8221;15px|15px|15px|15px|true|true&#8221; custom_padding_last_edited=&#8221;on|phone&#8221; custom_css_main_element=&#8221;right:0!important;||font-family:%22Pandora-Bold%22!important;&#8221; locked=&#8221;off&#8221; global_colors_info=&#8221;{}&#8221; button_bg_color__hover_enabled=&#8221;on|hover&#8221; button_bg_color_gradient_start__hover=&#8221;#05201F&#8221; button_bg_color_gradient_end__hover=&#8221;#05201F&#8221; button_bg_color_gradient_stops__hover=&#8221;#181818 0%|#181818 58%|#181818 100%&#8221; button_bg_use_color_gradient__hover=&#8221;on&#8221;][\/et_pb_button][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sections What Is SOAR? Key Components of a SOAR Solution How Does a SOAR Work? Benefits of Implementing a SOAR in Your Organization Common Use Cases for SOAR Differences Between SOAR and SIEM: Rivalry or Complement? Integration of SOAR with Other Security Tools Considerations Before Implementing a SOAR Solution SOAR in the Pandora FMS Ecosystem [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":397438,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","_joinchat":[],"footnotes":""},"categories":[7753,3505],"tags":[],"class_list":["post-397444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cibersecurity","category-it-topics"],"_links":{"self":[{"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/posts\/397444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/comments?post=397444"}],"version-history":[{"count":5,"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/posts\/397444\/revisions"}],"predecessor-version":[{"id":397459,"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/posts\/397444\/revisions\/397459"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/media\/397438"}],"wp:attachment":[{"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/media?parent=397444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/categories?post=397444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pandorafms.com\/en\/wp-json\/wp\/v2\/tags?post=397444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}