Huntsman Security’s SIEM provides extensive automated response script and command execution capabilities, (Guardian Response). Additionally, we provide the option to include our integrated Security Orchestration, Automation and Response (SOAR) technology.

Guardian scripts can automatically initiate complex automated responses, including:

• Asynchronously seek data to enrich the investigation process, therefore reducing operator workload and limiting the time between detection and response
• Verify security alerts in seconds, automatically seeking supportive contextual data to distinguish between real threats and false positives
• Support the threat response process of security analysts through the delivery of a case file of all available and relevant threat information, or launch specific machine-automated actions in response to trigger events

Once an alert has been legitimised as both serious and genuine, the system can be configured to take actions to mitigate risks such as (i) threat containment at a network level; (ii) initiate perimeter/Wi-Fi connection termination; (iii) isolate or suspend a user account based on malicious user activity.