Flexible Training for Today's Critical Cyber Skills - Available Now with Best Specials of the Year - Learn More


To attend this webcast, login to your SANS Account or create your Account.

SOAR Solutions Forum

  • Friday, June 18th | 10:30 AM - 2:30 PM EDTFriday, June 18, 2021 at 10:30 AM EDT (2021-06-18 14:30:00 UTC)
  • Chris Crowley


  • Cyware
  • DomainTools
  • Palo Alto Networks
  • ThreatQuotient
  • Swimlane
  • LogicHub
  • ThreatConnect
  • Siemplify

You can now attend the webcast using your mobile device!



You will earn 6 CPE credits for attending this virtual event.

Forum Format: Virtual

Event Overview

Security Orchestration, Automation and Response (SOAR) tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things. The challenge is that the tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of data from disparate tools.

Investing in a SOAR platform is strategic and oftentimes a financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents. This process occurs when an organizations security team uses the platform to gain insight on an attackers tactics, techniques, and procedures (TTPs) and known indicators of compromise (IOC).

Join this SANS lead forum as we explore various SOAR topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case-studies and thought leadership using specific examples relevant to the industry.

Relevant topics:

   Managing Security Operations

   Handling Security Alerts & Alert Fatigue

   Accelerate Threat Hunting

   Case Management and Collaboration

   Security Information and Event Management (SIEM)

   Data Tracking & Customization

Speaker Bio

Chris Crowley

Christopher Crowley is the course author for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. Chris holds several industry certifications including the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN, and CISSP. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities." Mr. Crowley spends his spare time mountain biking, rock climbing and savoring epicurean treats.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.