Fortinet, Inc.
FACILITATING SECURITY ORCHESTRATION, AUTOMATION AND RESPONSE (SOAR) THREAT INVESTIGATION USING A MACHINE-LEARNING DRIVEN MIND MAP APPROACH

Abstract:

Systems and methods for facilitating a mind map approach to a SOAR threat investigation are provided. A SOAR platform operatively coupled with a Security Operation Center (SOC) of a monitored network receives alert data pertaining to an incident. A mind map view is generated within a graphical user interface. The mind map view includes a primary node corresponding to the incident, one or more field nodes associated with the primary node, one or more action nodes based at least on one of the one or more field nodes. Each of the action nodes is associated with one or more dynamic actions selectable by an analyst. Responsive to selection of a dynamic action, at least one field node or a suggested actions associated with a corresponding action node is suggested by a machine-learning engine based on the selection. The mind map view is updated in real time to include the suggestion.