Ep09 - Security Blueline (Q&A) with “Dr Stu” 2

In this second segment we cover questions from community members about integrating RBA with other technologies.

“SOARing in Seattle” 

We wanted to implement/improve our SOAR playbooks before we do RBA. Is there anything we should know?

 

“SNOWing in San Diego” 

I am sending our alerts from ES to ServiceNow so our analysts can work the tickets. We are struggling with how to make this effective with RBA alerts for the analysts. How can we make this better for them? 

 

“TIPing in Topeka” 

We have purchased a threat intel service, but the results are overwhelming for our SOC. We think RBA would be great for this, but how do we implement it?
