This webcast has been archived.

SOARing beyond aggregation: How to achieve meaningful correlation and prioritization of security alerts and actions

  • Wednesday, November 13, 2019 at 1:00 PM EST (2019-11-13 18:00:00 UTC)
  • Nick Tausek, Jake Williams


  • Swimlane




Today's security operations centers (SOCs) do not have the time, energy, or resources to keep pace with the growing security skills gap and evolving threat landscape. Security operations (SecOps) teams need to be able to secure their organizations by doing more with less. This is where a security orchestration, automation, and response (SOAR) solution comes in. Using a SOAR platform, SecOps teams can ingest events, reports, and alerts from any number of sources, perform automated research and prioritization, correlate across platforms, events, and alerts, and coordinate their analysts' response efforts.

In this presentation, attendees will learn strategies and techniques for navigating out of the perpetual quagmire of disparate events and alerts that most SOCs experience. Key takeaways include:

  • Active automation strategies for users who have SOAR.
  • Automation-friendly workflow and process designs for customers who are not yet using SOAR.
  • Strategies for prioritization of alerts and events using correlation and automated research.

Speaker Bios

Nick Tausek

Nick Tausek is a Security Research Engineer at Swimlane, where he's been working for a year. Before that, he was an information security analyst for government, NGOs, the corporate space, and MSSPs for 8 years. In his pre-infosec life, he worked in VoIP, tech support, web design, and translation. He speaks English, Japanese, German, and a little French, and programs mostly in Python, but is comfortable in a handful of other languages as well, such as JS, VBA, HTML, and CSS.

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.
