Cloud SOAR Overview
Why Cloud SOAR?
Cloud SOAR is a modern security operations technology platform that empowers MSSPs, SOCs, and security teams by providing collaborative and automated real-time incident management and threat response. Make quick and insightful decisions during security response with workflow automation.
All-in-one platform for minimizing the response time
- Integrates disparate technologies focusing analysts on real threats
- Makes the most of automation, orchestrating several tools in Standard Operating Procedures (SOPs)
- Measures success and improves communication
Better collaboration
Cloud SOAR’s native orchestration capabilities boost the collaboration within the SOC team, ensuring efficient synergy during each phase of incident response.
Automation of the full incident lifecycle eases the burden on security analysts, while helping to successfully pinpoint real threats and coordinate an effective response across tools and team members.
Customizable reports
Quickly assemble highly customizable reports and dashboards to easily navigate and assess your security intelligence portfolio. Use relevant templates to capture workflow processes, job functions, and response timeframes, including critical indicators of compromise (IOC) and corrective actions taken. Use reports to create greater visibility for KPIs and make collective improvements across the SOC team.
Speed incident response
Cloud SOAR improves incident response time with flexible workflow automation across tools and teams. Machine learning distinguishes real threats from false positives to reduce alert fatigue.
Connect disparate tools
Cloud SOAR acts as the connective tissue between your existing tools to automate processes across the SOC and derive relevant insights throughout your security portfolio.
Close the skill gap
Automated workflow processes help analysts function at an optimal level and reduce the skills gap that exists from the lack of qualified cybersecurity professionals.
Comprehensive security portfolio
Cloud SOAR comprises both the Automation Service, which allows our Cloud SIEM to leverage the power of automated playbooks, and the full Cloud SOAR. Cloud SOAR combines automation with case management, among many other capabilities aimed at helping your organization modernize security operations.
Support and compliance
Data retention
This section lists the retention period for each type of data generated.
Default retention periods by data type
Sumo Logic automatically deletes the following customer data according to the table retention period below, except for customers required to ensure HIPAA compliance (see second table).
| Data type | Retention period |
|---|---|
| Incidents | 2 years |
| Triage | 2 years |
| Entities | 2 years |
| Playbook and action executions | 2 years |
For HIPAA-compliant customers, we delete data following the retention periods below.
If you need to follow HIPAA compliance, it is important to explicitly communicate this when requesting Cloud SOAR activation.
| Data type | Retention period |
|---|---|
| Incidents | 7 years |
| Triage | 7 years |
| Entities | 7 years |
| Playbook and action executions | 7 years |
Custom retention periods
You can request retention period times different from those declared in the tables above, as long as the retention period requested is greater than 1 day yet less than 5000 days.
In order to do that, please open a Support ticket with your request.