
All news with #soar tag

24 articles

Webinar: Fixing Network Incident Response Gaps, Containment

🔔 On June 02, 2026 at 12:00 PM ET, BleepingComputer will host a live webinar titled From alert to containment: Fixing the gaps in network incident response with Edgar Ortiz, Solutions Engineering Leader at Tines. The session explores why incidents escalate when response processes—triage, enrichment, and routing—break down, not because of a lack of alerts. Attendees will learn how intelligence workflows that combine automation and AI can enrich alerts, prioritize and route incidents, and coordinate containment across systems to reduce response times and prevent broader service disruption.

5 Steps to Break Free From Alert Fatigue, Build Resilience

🔔 This article distills five practical steps to move SOCs from alert fatigue to measurable business resilience, based on the 2026 N-able State of the SOC Report. It explains why volume-focused metrics fail, highlights that 90% of investigations are automatable, and shows how AI-driven correlation and SOAR can reclaim analyst time. The guide emphasizes layered defenses and playbooks designed to contain incidents quickly and preserve uptime.

Five Critical Steps to Achieve Business Resilience

🔒 The 2026 State of the SOC Report, based on more than 909,000 alerts observed via the Adlumin MDR at the N-able SOC between March and December 2025, lays out five practical steps to preserve operations when attackers strike. It urges layered, defense-in-depth designs that combine identity, endpoint, network, cloud, and perimeter visibility rather than relying on single-point solutions. The guidance highlights automation and SOAR to move containment and remediation to machine speed, modernized endpoint and ITDR identity controls to detect credential abuse, validated immutable backups to enable rapid recovery, and rigorous oversight of AI-driven processes to manage emerging attack surfaces.

AWS DevOps Agent GA: Autonomous SRE Across Environments

🔧 AWS announced general availability of AWS DevOps Agent, an autonomous operations assistant that investigates incidents, triages alerts, and recommends fixes across AWS, multicloud, and on-premises environments. It integrates with observability tools, runbooks, code repositories, and CI/CD pipelines to reduce MTTR from hours to minutes. The release adds Azure and on-prem investigation, custom agent skills, and enterprise reporting and pricing integration with AWS Support credits.

Charlotte AI AgentWorks: Agentic SOAR for Modern SOCs

🔐 CrowdStrike introduces Charlotte AI AgentWorks and Charlotte Agentic SOAR to enable agentic security operations that orchestrate context-aware agent fleets and automate responses at machine speed. The platform integrates frontier models from Anthropic, NVIDIA and OpenAI and leverages Falcon telemetry, threat intelligence, and industry partners to keep agents context-aware and secure. Built-in guardrails preserve human oversight and governed autonomy while mission-ready agents handle tasks from triage to malware analysis. Customers report sharply reduced manual workloads, restored analyst capacity, and improved decision accuracy.

CrowdStrike Agentic MDR and SOC Transformation Services

⚡ CrowdStrike introduces agentic MDR through Falcon Complete, combining deterministic automation, adaptive AI agents, and human analyst oversight to accelerate detection and response at machine speed. The service leverages Falcon Fusion SOAR and proprietary tooling to execute expert-engineered playbooks, delivering faster median time to contain and consistent, repeatable remediations. Complementary SOC Transformation Services modernize SIEM, data pipelines, workflows, and governance so organizations can adopt agentic operations safely and deliberately.

Three Practical Intelligent Workflows for Security and IT

⚙️ Intelligent workflows combine automation, AI-driven decisioning, and human oversight to accelerate outcomes and reduce operational drag across Security and IT. This contributed piece presents three production-ready use cases — automated phishing response, AI agents for IT service requests, and vulnerability monitoring tied to CISA and Tenable — with pre-built templates to integrate into existing stacks. These Tines templates are designed to help teams prove value quickly while keeping humans in the loop and maintaining governance.

Five Key Trends Reshaping the SIEM Market for 2025

🔍 Modern SIEM platforms have evolved far beyond simple log collection, embedding AI/ML, XDR, and SOAR to enable real-time detection, automated remediation, and analyst workspaces. Convergence with XDR and SOAR is creating unified platforms that reduce complexity and accelerate response, while many SMBs opt for MDR instead of maintaining full SIEM deployments. Economic shifts and AI compute costs are changing cloud vs. on-prem trade-offs, and vendors are consolidating functionality through M&A and bundling.

Scaling SOC Automation with Falcon Fusion SOAR Effectively

⚙️ Falcon Fusion SOAR simplifies SOC automation by enabling teams to start with single, high-impact workflows and scale to agentic, AI-driven orchestration. New capabilities — natural language Workflow Generation, a Test-and-Debug preview, and a Data Transformation Agent powered by Charlotte AI — lower the barrier to building reliable automations. It integrates endpoint, identity, cloud, and threat intelligence, keeps humans in the loop, and supports mature programs that adopt Charlotte Agentic SOAR for agent orchestration.

Automate AWS Incident Investigation with Tines and AI

☁️ This article introduces a pre-built Tines workflow—Investigate AWS issues with CLI data using agents—that brings AWS CLI output directly into cases, removing repetitive console logins and syntax guesswork. A lightweight, read-only agent executes context-aware CLI commands and returns results safely to the workflow. Optional AI-driven formatting or Tines transformations convert dense JSON into concise, human-readable summaries. The template can be imported, connected to an AWS credential, customized, tested, and will append findings into Tines Cases for auditability and team collaboration.

Smarter SOC Blueprint: Build, Buy, Automate Decisions

🔍 This live session breaks down practical choices for modern SOCs, led by Kumar Saurabh (CEO, AirMDR) and Francis Odum (CEO, SACR). Expect clear guidance on when to build, when to buy, and how to automate without losing control. The webinar features a real customer case study, a side‑by‑side look at SOC models, and a ready checklist to reduce tool sprawl and improve outcomes. Register to simplify operations and make every tool decision count.

Architecture of Agentic Defense: Inside Falcon Platform

🔍 CrowdStrike outlines an architectural approach to enable agentic defense across the Falcon platform. The blog highlights Enterprise Graph for semantic data unification, Charlotte AI expert agents for native reasoning, and Charlotte Agentic SOAR for adaptive orchestration. It stresses governed, auditable execution and the ability to build custom agents with Charlotte AI AgentWorks. The aim is a real-time digital twin so agents and analysts share a single, continuously updated context to accelerate triage and response.

Opening the Automation Garden with API and Webhook

🔁 Infinity Playblocks introduces API Request Step and Webhook Trigger to enable seamless bi-directional integration with any external system. Security teams can now call outbound APIs from playbooks and accept inbound webhook events to initiate automations. This open automation approach connects SIEMs, ITSM platforms, cloud and network controls, and third-party services without bespoke connectors. The result is simpler orchestration, fewer manual handoffs, and faster incident response.

How AI Is Reshaping Cybersecurity Operations and Teams

🤖 Generative AI is rapidly transforming CyberOps by automating routine tasks, accelerating investigations and raising overall team productivity. Tools—some developed in-house and some by vendors—assist with forensics, incident response, log analysis, orchestration, vulnerability management and reporting. While AI scales capabilities and elevates junior staff, leaders stress the need for AI governance, prompt engineering skills and human oversight to manage risk.

Criminal IP Brings AI Exposure Intelligence into Cortex XSOAR

🤖 The Criminal IP threat intelligence and attack-surface monitoring platform is now integrated into Cortex XSOAR, injecting AI-driven exposure context, behavioral signals, and automated scanning into SOAR playbooks. Analysts can launch Quick Lookups, Lite Scans, and Full Scans from within XSOAR and receive structured reports and continuous Micro ASM findings without leaving the console. The integration links internal telemetry with open-internet intelligence to improve incident classification, accelerate response, and reduce analyst fatigue.

Amazon Quick Suite adds Quick Research to Flows for Reports

📢 Amazon Quick Suite now integrates Quick Research as a step within Quick Flows, enabling automated generation of verified, source-traced research reports as part of multi-step workflows. Teams can schedule or trigger research flows to create reusable, shareable outputs that automatically kick off downstream actions—updating CRM records, creating tickets, or assigning tasks—reducing manual work and scaling proven analysis methods. Pre-configured flows accept creator instructions and optional user inputs to deliver consistent analysis across enterprise data sources.

Human and AI Collaboration in the GenAI-Powered SOC

🛡️ Microsoft Defender Experts outlines how autonomous AI agents are transforming Security Operations Centers by automating repetitive triage and amplifying analyst impact. Built with expert-defined guardrails, curated test sets, and human-in-the-loop validation, these agents already process about 75% of phishing and malware cases and help resolve incidents nearly 72% faster. The program emphasizes human governance, auditability, and iterative rollout through dark-mode evaluation and pilot partnerships.

Beyond Silos: DDI and AI Redefining Cyber Resilience

🔐 DDI logs — DNS, DHCP and IP address management — are the authoritative record of network behavior, and when combined with AI become a high-fidelity source for threat detection and automated response. Integrated DDI-AI correlates disparate events into actionable incidents, enabling SOAR-driven quarantines and DNS blocking at machine speed. This fusion also powers continuous, AI-driven breach and attack simulation to validate defenses and harden models.

Preventing SOC Burnout with Real-Time Analysis and Automation

🛡️ SOC teams can reduce analyst burnout by replacing noisy alerts and manual chores with real-time behavioral context, automation, and integrated threat intelligence. Platforms such as ANY.RUN deliver interactive sandboxing that exposes full attack chains, automates human-like interactions (for example, solving CAPTCHAs and revealing hidden redirects), and pushes verified IOCs directly into SOC workflows. Organizations report up to faster triage, fewer false positives, and a calmer, more resilient security operations center.

CrowdStrike Advances Security Automation with Charlotte

🚀 CrowdStrike introduces Charlotte Agentic SOAR, an orchestration layer that integrates Falcon Fusion SOAR, Falcon Next‑Gen SIEM, Charlotte AI and AgentWorks to enable intelligent, no‑code agents. The offering includes an Agentic Security Workforce of purpose-built AI agents, an Agent Builder for plain-language agent creation, a visual workflow orchestrator with hundreds of connectors, and unified case management. Together these elements let analysts set guardrails while agents reason, decide, and act at machine speed to accelerate detection and response and reduce repetitive analyst tasks.