
Cloud SOAR Compared to the Automation Service

Cloud SOAR is a full-featured security orchestration, automation, and response (SOAR) application. The Automation Service is a subset of automation capabilities adapted from Cloud SOAR and made available across the entire Sumo Logic log analytics platform.

The Automation Service includes only Cloud SOAR's playbook-related features, including App Central and the Automation Bridge. Like the Cloud SOAR action types, the Automation Service action types can perform automated responses to events, including running containment actions and manual user-interaction steps.

Main differences

Why would you want to use Cloud SOAR when the Automation Service already does automation similar to Cloud SOAR? Because Cloud SOAR does much more.

Case and incident management

The Automation Service doesn't include any of Cloud SOAR's case management or incident management functionality. Managing work at the incident level and assigning incidents to cases gives SecOps teams the flexibility to respond in a number of ways, and to run reports and perform analysis.

Daemon and trigger action types

The Automation Service does not support daemon and trigger action types. It can only use the triggers built into Cloud SIEM and the Log Analytics platform, so you can't configure a playbook in the Automation Service to monitor an external process or file and fire a trigger in response, as you can with Cloud SOAR. In the Automation Service a trigger can fire only for a limited set of events, such as when an Insight is created in Cloud SIEM.

Additional features

Cloud SOAR also offers many features the Automation Service lacks, including customizable dashboards, reports, widgets, data filtering, and entity analysis.

Feature comparison

| Feature | Cloud SOAR | Automation Service |
|---|---|---|
| App Central: Integrations; Playbooks | ✓ | ✓ |
| Automation (full features) | ✓ | ✓ |
| Automation Bridge | ✓ | ✓ |
| Integration with Cloud SIEM and Log Analytics | ✓ | ✓ |
| Integrations management | ✓ | ✓ |
| Open Integration Framework (OIF): custom Docker images for action execution; custom integration capabilities; Integration Builder (almost no-code); execution in the cloud (without using an Automation Bridge); execution in the local network with an Automation Bridge; management; Slack integration for node activation | | |
| Advanced automation capabilities: Daemons; Triggers | ✓ | |
| Automation rule definition | ✓ | |
| Average Phase Duration | ✓ | |
| Attachments; Bulk actions; Cloning; Collaboration (Notes, Slack, Task); Contextual hints while writing a search string; Fields customization; Filters with advanced search bar; Incident attachments (files); Label configuration; Manual creation; Online/offline search; Over time; Overview; Ownership and user group management; Selection of case properties to display; Statistics; Template; War Room | | |
| Cloning; Multiple; Preview while customizing page; Public/private | | |
| Harvesting; Manual creation | | |
| Data can be shown with: Filtering (with query, bookmarks, and via search bar); Graphs; Placeholders/tags; Tables; Text | | |
| Flexible layout with drag and drop | ✓ | |
| Logo configuration | ✓ | |
| Metrics for usage and adoption | ✓ | |
| Create starting from a case list query; Customize format, margins, orientation, pages and page header/footer; Flexible layout with drag and drop; Multiple; Public/private; Real-time preview while customizing page; Scheduled | | |
| SecOps Dashboard | ✓ | |
| Task Overview | ✓ | |
| Configuration; Event management; Graphical display of the playbooks executed | | |
| User group management | ✓ | |
| Custom; Public/private; Real-time preview; Textual (with placeholder and image support) | | |

Copyright © 2024 by Sumo Logic, Inc.