SOAR is short for Security Orchestration, Automation and Response. I like to describe it as a [[Continuous Integration and Delivery|CICD]] system attached to a case management system. Most implementations use [[Docker]] for running so-called playbooks.

The playbooks can do anything you want. You could:

- Send a message on Slack
- Query a log repository and print the result as an HTML table
- Trigger your smart [[Coffee]] maker early in the morning
- [Eliminate toil](https://sre.google/sre-book/eliminating-toil/) (as in [[Site Reliability Engineering]])

Your imagination is the limit.

One popular tool is [[Cortex XSOAR]] from Palo Alto Networks.
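
As an added example (not part of the original note, and not any SOAR product's API), here is a sketch of a playbook that combines two of the actions above: it queries log events, renders them as an HTML table for the case, and builds the body of a Slack webhook message. The function names, case ID and log rows are constructed for illustration; every cell is HTML-escaped because log fields can carry attacker-supplied text.

```python
import html
import json

# Constructed sample rows, shaped like the result of a log repository query.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T06:58:12Z", "user": "alice", "src_ip": "198.51.100.7", "action": "login_failed"},
    {"time": "2024-05-01T06:58:40Z", "user": "<script>alert(1)</script>", "src_ip": "198.51.100.7", "action": "login_failed"},
    {"time": "2024-05-01T07:02:03Z", "user": "bob", "src_ip": "203.0.113.9", "action": "login_ok"},
]

def query_logs(events, action):
    """Stand-in (hypothetical) for the log repository query: filter by action."""
    return [e for e in events if e.get("action") == action]

def to_html_table(rows, columns):
    """Render rows as an HTML table, escaping every cell.

    Log fields are attacker-influenced, so unescaped values would inject
    markup into whatever case view displays this table.
    """
    head = "".join(f"<th>{html.escape(c)}</th>" for c in columns)
    body = "".join(
        "<tr>" + "".join(f"<td>{html.escape(str(r.get(c, '')))}</td>" for c in columns) + "</tr>"
        for r in rows
    )
    return f"<table><tr>{head}</tr>{body}</table>"

def slack_payload(case_id, rows):
    """Build the JSON body for a Slack incoming webhook (nothing is sent here)."""
    sources = sorted({r["src_ip"] for r in rows})
    text = f"Case {case_id}: {len(rows)} failed logins from {', '.join(sources)}"
    return json.dumps({"text": text})

def run_playbook(case_id, events):
    """One playbook run: query, render for the case, build the notification."""
    rows = query_logs(events, "login_failed")
    return {
        "case_note_html": to_html_table(rows, ["time", "user", "src_ip", "action"]),
        "slack_body": slack_payload(case_id, rows),
    }

if __name__ == "__main__":
    print(run_playbook("CASE-0001", SAMPLE_EVENTS))
```
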