Internship Presentation SOAR EDR (Copy 2)

The internship report presents the implementation of SOAR (Security Orchestration, Automation, and Response) and EDR (Endpoint Detection and Response) solutions to address the cybersecurity challenges faced by Tunisie Telecom. The project aimed to automate incident response, improve threat management, and increase visibility across security operations, with the stated result of shorter response times and fewer manual errors. The key technologies discussed are Wazuh for endpoint log collection and threat detection, Shuffle for workflow automation, and TheHive for incident response management.

Uploaded by: Chaher e. Amamou

Internship Report Presentation

Implementation of SOAR and EDR Solutions

Presented by: [Your Name]
[Presentation Date]
Introduction
• **Cybersecurity Challenges:**
  - Modern organizations face a growing volume of cyber threats.
  - Advanced Persistent Threats (APTs) are becoming more sophisticated.
• **Why Automation Matters:**
  - Manual threat detection and triage are time-consuming and prone to errors.
  - Automating incident response makes handling faster and more consistent.
Host Organization
• **Tunisie Telecom Overview:**
  - A leading telecommunications provider in Tunisia.
  - Offers fixed, mobile, and internet services to over 7 million subscribers.
• **Key Statistics:**
  - Operates 24 regional directorates and employs over 8,000 staff.
  - Focuses on innovation and on improving ICT infrastructure in Tunisia.
Problem Statement
• **Identified Challenges:**
  - Increasing sophistication of cyberattacks, particularly APTs.
  - Delayed detection of and response to security incidents.
  - Fragmented security tools, resulting in blind spots.
• **Project Goal:**
  - Address these challenges with automated detection and response.
Project Objectives
• **Core Objectives:**
  - Integrate SOAR and EDR solutions for improved threat management.
  - Automate repetitive security tasks to reduce human error.
  - Centralize incident management and improve response times.
• **Key Benefits:**
  - Enhanced visibility across security operations.
State of the Art: SOAR
• **What is SOAR?**
  - Stands for Security Orchestration, Automation, and Response.
  - Aims to streamline security operations by connecting the various security tools.
• **How SOAR Works:**
  - Orchestration: connects detection, ticketing, and enforcement tools through their APIs.
  - Automation: runs playbooks on incoming alerts so that enrichment and triage need no manual steps.
  - Response: executes containment actions and records what was done on the case.
• **Example:** A phishing email triggers a playbook that blocks the sender and scans affected systems.
State of the Art: EDR
• **What is EDR?**
  - Stands for Endpoint Detection and Response.
  - Focuses on monitoring and securing endpoint devices.
• **How EDR Works:**
  - Real-time monitoring, threat detection, automated response.
• **Example:** Detects ransomware encrypting files and halts the process to
Technology Overview - Wazuh
• **How Wazuh Works:**
  - Endpoint agents collect logs and send them to the Wazuh manager, which decodes them and matches them against its rule set to generate alerts.
  - Provides a centralized dashboard for monitoring and reporting.
• **Key Features:**
  - Intrusion detection, real-time alerts, scalable open-source platform.
Technology Overview - Shuffle
• **How Shuffle Works:**
  - Drag-and-drop interface to design automated workflows.
  - Integrates with security tools such as Wazuh and TheHive through their APIs.
• **Key Features:**
  - Simplifies automation without advanced coding.
  - Supports hundreds of integrations.
Technology Overview - TheHive
• **How TheHive Works:**
  - Incident response platform for managing and collaborating on cases.
  - Integrates with Cortex to enrich incident data.
• **Key Features:**
  - Real-time collaboration, custom dashboards, exportable reports.
Implementation - Wazuh Configuration
• **Configuration Process:**
  - Install the Wazuh manager and deploy agents on the endpoints.
  - Set up alert rules to detect threats (e.g., SSH brute-force attempts: repeated sshd authentication failures from one source within a short time window).
  - Configure the dashboard for real-time visualization of alerts.
Implementation - Shuffle Configuration
• **Configuration Process:**
  - Deploy Shuffle using Docker.
  - Design workflows that receive alerts from Wazuh and trigger actions in TheHive.
  - Integrate Shuffle with external tools through their APIs.
Implementation - TheHive Configuration
• **Configuration Process:**
  - Install the prerequisites: Java, Cassandra (the database) and Elasticsearch (the index).
  - Set up TheHive with custom case templates and dashboards.
  - Integrate Cortex analyzers for automatic data enrichment.
Workflow Overview
• **Automating Security Operations:**
  - Alerts from Wazuh trigger workflows in Shuffle.
  - Shuffle processes the alerts and creates cases in TheHive.
  - Cortex enriches the cases with actionable intelligence.
• **Example Workflow:**
  - Wazuh detects a failed SSH login attempt.
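The step in the middle of this workflow, and of the Shuffle configuration slide above, is the transformation a Shuffle action has to perform: take the JSON alert Wazuh emits and produce the alert TheHive accepts, deciding on the way which alerts are worth a case, what severity they get, and which observables an analyst (or Cortex) should be able to pivot on. The following is an added example, not code from the report, from Shuffle, or from either project; the Wazuh alert is constructed after the shape of Wazuh's JSON alerts, the level-to-severity cut-offs are assumptions, the field names follow TheHive's alert schema as the author of this example understands it, and the API path in `send_to_thehive` is assumed for a TheHive 5 instance.

```python
import json
import urllib.request

# Constructed Wazuh alert, shaped like the JSON Wazuh writes to alerts.json (not a real event).
SAMPLE_WAZUH_ALERT = {
    "id": "1736503264.1234567",
    "timestamp": "2025-01-10T10:01:04.000+0000",
    "rule": {
        "id": "5712",
        "level": 10,
        "description": "sshd: brute force trying to get access to the system.",
        "groups": ["syslog", "sshd", "authentication_failures"],
        "mitre": {"id": ["T1110"]},
    },
    "agent": {"id": "001", "name": "srv1"},
    "data": {"srcip": "203.0.113.5", "srcuser": "root"},
    "full_log": "Jan 10 10:01:04 srv1 sshd[2110]: Failed password for root from 203.0.113.5 port 40008 ssh2",
}


def wazuh_level_to_severity(level):
    """Map Wazuh's 0-15 rule level onto TheHive's 1-4 severity scale (assumed cut-offs)."""
    if level >= 13:
        return 4   # critical
    if level >= 10:
        return 3   # high
    if level >= 7:
        return 2   # medium
    return 1       # low


def build_thehive_alert(alert, min_level=7):
    """Turn one Wazuh alert into a TheHive alert payload, or None if it is below min_level."""
    rule = alert["rule"]
    if rule["level"] < min_level:
        return None            # low-level noise stays in Wazuh; only real alerts reach the case queue
    agent = alert["agent"]
    data = alert.get("data", {})

    # Observables are what the analyst (and Cortex analyzers) pivot on, so extract them as typed data.
    observables = [{"dataType": "hostname", "data": agent["name"]}]
    if "srcip" in data:
        observables.append({"dataType": "ip", "data": data["srcip"], "tags": ["src"]})
    if "srcuser" in data:
        observables.append({"dataType": "other", "data": data["srcuser"], "message": "targeted account"})

    tags = [f"wazuh:rule:{rule['id']}", f"wazuh:agent:{agent['id']}"]
    tags += [f"mitre:{t}" for t in rule.get("mitre", {}).get("id", [])]

    return {
        "type": "wazuh-alert",
        "source": "wazuh",
        "sourceRef": alert["id"],   # unique per Wazuh event, so a re-run workflow does not file the same alert twice
        "title": f"[{agent['name']}] {rule['description']}",
        "description": "Wazuh rule {} (level {}) on agent {} at {}\n\nRaw log: {}".format(
            rule["id"], rule["level"], agent["name"], alert.get("timestamp", "?"), alert.get("full_log", "")),
        "severity": wazuh_level_to_severity(rule["level"]),
        "tlp": 2,
        "tags": tags,
        "observables": observables,
    }


def send_to_thehive(payload, base_url, api_key):
    """POST the payload to TheHive (assumed /api/v1/alert path, bearer-token auth). Not called at import."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/alert",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print(json.dumps(build_thehive_alert(SAMPLE_WAZUH_ALERT), indent=2))
```

Two choices in this mapping matter in production. Filtering on `min_level` keeps TheHive from filling with the level-3 events Wazuh produces by the thousand, so the case queue stays something a human will actually look at. Setting `sourceRef` to Wazuh's own alert id gives the alert a stable identity, so a replayed webhook or a re-executed Shuffle workflow does not create a second case for the same event.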
Results and Key Insights
• **Project Outcomes:**
  - Seamless integration of the SOAR and EDR solutions.
  - Automation reduced response times and manual errors.
  - Improved visibility and collaboration across the security tools.
• **Challenges Addressed:**
  - Overcame integration complexities between the tools.
Conclusion
• **Key Takeaways:**
  - SOAR and EDR solutions strengthen modern cybersecurity frameworks.
  - Automation reduces the burden on security teams.
  - Centralized management improves coordination and decision-making.
• **Future Recommendations:**
  - Expand the integrations to include SIEM platforms.
