{"id":9807,"date":"2018-03-13T16:14:00","date_gmt":"2018-03-13T22:14:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/siem-alert-triage\/"},"modified":"2026-04-06T04:22:26","modified_gmt":"2026-04-06T10:22:26","slug":"siem-alarm-triage","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/","title":{"rendered":"Einsatz von Sicherheitsautomatisierung und -orchestrierung f\u00fcr die SIEM-Triage"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-6770b3369b6c61539d3140cb52ed6bc5ec393625 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Emergency siren against modern building backdrop symbolizing threat detection and incident alert management\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR.png 1120w, https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR-300x186.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR-1024x636.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR-768x477.png 768w\" sizes=\"(max-width: 1120px) 100vw, 1120px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-2ba18c9b6304620af4785b54fe900bf0ce0fc4d5 bs-column---default d-flex flex-column    \"><div 
class=\"wp-block-post-date\"><time datetime=\"2018-03-13T16:14:00-06:00\">M\u00e4rz 13, 2018<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">Using security automation and orchestration for SIEM triage<\/h1>\n\n\n<div class=\"bs-div bs-div-44a15e4b99450b7aaf810333a0fbaa4ff5112133 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/de\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">3 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-205a03f93391472c82564395e3b5684e68c8ef7d bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-fa02c15a19a9c2952663733986e45d4eef708638 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('Using%20security%20automation%20and%20orchestration%20for%20SIEM%20triage').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Fsiem-alert-triage%2F', '_blank')\" title=\"Email\" 
rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Using%20security%20automation%20and%20orchestration%20for%20SIEM%20triage&url=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Fsiem-alert-triage%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 
2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Fsiem-alert-triage%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Fsiem-alert-triage%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg 
heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-0d83d6d9863f92131cc95492d42e5b50c72f00bb bs-column---default bs-column--contents     \">\n<h2><\/h2>\n<p>With increasing cyber threats, more organizations are using a variety of tools to monitor and manage security. Security information and event management (SIEM) systems are popular solutions that promise to monitor and alert your security operations (SecOps) team of potential threats.<\/p>\n<h3>SIEM Systems Produce Too Many Alerts<\/h3>\n<p>The reality is that although SIEM systems deliver on their promise of alerting security teams of all potential risks \u2013 they tend to produce too many alerts. 
As a result, security teams are bombarded with upwards of 150,000 alerts per day, of which only 1% are actually investigated.<\/p>\n<h4>The problem: Current alert triage and security alert management processes are faulty<\/h4>\n<p>Many organizations rely on faulty alert triage methods and alert management processes to determine whether or not a threat should be investigated. This makes many organizations <em>feel<\/em> like they are on top of managing alerts, but SecOps teams could be missing <em>real<\/em> threats that use lesser-known cyberattack strategies and thus get lost in the triage process.<\/p>\n<p>Under these current processes:<\/p>\n<ul>\n<li>It is logistically impossible to review and investigate <strong><em>all<\/em><\/strong> alerts.<\/li>\n<li>Investigation and review processes are inconsistent and unable to change with the ever-evolving threat landscape.<\/li>\n<li>It\u2019s difficult to integrate all the tools needed to provide alert context, significantly increasing the manual work and time it takes for thorough investigations.<\/li>\n<li>With informal processes and constant staff turnover, there is a loss of critical tribal knowledge with every employee replacement.<\/li>\n<li>Organizations struggle to stay compliant with the latest regulations.<\/li>\n<\/ul>\n<p>Every alert that goes uninvestigated <em>could<\/em> lead to a breach, so what can organizations do to handle the massive volume of alerts? Use security <a href=\"https:\/\/swimlane.com\/blog\/security-automation\">automation<\/a> and <a href=\"https:\/\/swimlane.com\/blog\/security-orchestration\">orchestration<\/a> (SAO) for improved alert triage.<\/p>\n<h3>Security automation and orchestration for alert triage<\/h3>\n<p>SAO improves alert triage efficiency by automating manual tasks and centralizing alert information into a single platform. 
Your SecOps team can use these tools to reduce risk, increase threat protection, and easily respond to <strong><em>all<\/em><\/strong> of your SIEM alerts.<\/p>\n<blockquote>\n<p>Improve security operations by automating manual tasks and centralizing operations.<\/p>\n<\/blockquote>\n<h3>Automate manual, repetitive tasks<\/h3>\n<p>As much as 80-90% of the incident response process can be automated, making it possible to address <em>more<\/em> alerts in the <em>same<\/em> amount of time with <a href=\"https:\/\/swimlane.com\/blog\/security-operations-efficiency\">your <em>existing<\/em> staff<\/a>. Automating just a few or all of the steps in your alert management process can help save a few minutes for each alert, which significantly increases productivity.<\/p>\n<p>What\u2019s more, with less time spent on manual investigations, employees can focus their efforts on advanced threats, spend time implementing new security strategies and protocols to prevent future attacks, or conduct proactive threat hunting.<\/p>\n<h3>Centralize alert information<\/h3>\n<p>Disparate tools make it harder to investigate alerts as SecOps employees are forced to switch between tabs and windows to understand what triggered an alert. SAO connects security tools and consolidates data across platforms for better contextual understanding of specific alerts as well as a comprehensive picture of security throughout the organization.<\/p>\n<p>Customizable dashboards allow teams to collect data in the way that optimizes their workflow and addresses their top concerns. 
They can help monitor the:<\/p>\n<ul>\n<li>Phishing email box<\/li>\n<li>Intrusion detection system (IDS)<\/li>\n<li>Outputs from the SIEM system<\/li>\n<li>\u2026and more<\/li>\n<\/ul>\n<h3>The Swimlane SAO solution<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-3441\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/wp\/2018\/03\/alert-triage-SAO-work-300x200.jpg\" alt=\"alert triage - SAO - work\" width=\"300\" height=\"200\">Swimlane offers a comprehensive SAO solution to significantly improve alert triage processes and incident alert management. Your team can finally take a breath using tools that help them prioritize and manage alerts without compromising security. Swimlane allows organizations to easily:<\/p>\n<ul>\n<li>Automate time-consuming tasks associated with alert investigation and management.<\/li>\n<li>Centralize all security operations using real-time dashboards for a more comprehensive view of the state-of-security.<\/li>\n<li>Standardize, scale, and change processes as your company grows and as cyber threats continue to evolve.<\/li>\n<li>Optimize threat response and reduce the mean time to resolution (MTTR) with improved threat intelligence.<\/li>\n<\/ul>\n<p>Swimlane\u2019s security automation and orchestration solution helps increase efficiency by addressing <u>every<\/u> alert without adding overhead.<\/p>\n<p>Are you ready to improve your alert triage processes using SAO? 
<a href=\"https:\/\/swimlane.com\/demo\/?utm_source=blog&amp;utm_medium=blog-post&amp;utm_campaign=use-cases-ebook&amp;utm_content=pillar-SIEM-triage\">Schedule a personalized demo<\/a>.<\/p>\n<p>For more information about the ways you can use Swimlane to improve your security processes download our e-book &#8211; <em><a href=\"https:\/\/swimlane.com\/sao-use-cases-ebook\/\">8 Real World Use Cases for Security Orchestration, Automation and Response (SOAR).<\/a><\/em><\/p>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-0ad64702520e52820989c3b8a4a5574abd826112 bs-column---default     \">\n<div class=\"bs-div bs-div-f0851be86a4542da358c10ec17ccebffa17efe07 bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><a href='https:\/\/swimlane.com\/de\/tag\/soar\/'><span class='tag-content'>SOAR<\/span><\/a><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-5e7267355d8caf36f5b5e0c86eef387b664b848d bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69eaa4e13119e bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/de\/blog\/incident-alert-management\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Okt. 
11, 2017<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Using security automation and orchestration for incident alert management<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69eaa4e1321d9 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/de\/blog\/the-past-present-and-future-of-soar-current-state-of-the-soc\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Jan. 9, 2020<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>State of the SOC and Using SIEM<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69eaa4e13333c bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/de\/blog\/security-orchestration\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Aug. 
16, 2017<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Security Orchestration | What is Security Orchestration?<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    
var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); 
\n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":9808,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[89],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[],"class_list":["post-9807","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","tag-soar","resource-type-blogs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Using security automation and orchestration in SIEM triage actions<\/title>\n<meta name=\"description\" content=\"SIEM solutions help protect your organization but produce an abundance of alters. 
Learn how you can improve your alert triage processes\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/de\/blog\/siem-alarm-triage\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Using security automation and orchestration for SIEM triage\" \/>\n<meta property=\"og:description\" content=\"SIEM solutions help protect your organization but produce an abundance of alerts. Learn how you can improve your alert triage processes\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/de\/blog\/siem-alarm-triage\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-06T10:22:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1120\" \/>\n\t<meta property=\"og:image:height\" content=\"696\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4\u00a0Minuten\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Einsatz von Sicherheitsautomatisierung und -orchestrierung in SIEM-Triage-Aktionen","description":"SIEM-L\u00f6sungen sch\u00fctzen Ihr Unternehmen, erzeugen aber eine Vielzahl von Benachrichtigungen. 
Erfahren Sie, wie Sie Ihre Alarmpriorisierungsprozesse verbessern k\u00f6nnen.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/de\/blog\/siem-alarm-triage\/","og_locale":"de_DE","og_type":"article","og_title":"Using security automation and orchestration for SIEM triage","og_description":"SIEM solutions help protect your organization but produce an abundance of alerts. Learn how you can improve your alert triage processes","og_url":"https:\/\/swimlane.com\/de\/blog\/siem-alarm-triage\/","og_site_name":"AI Security Automation","article_modified_time":"2026-04-06T10:22:26+00:00","og_image":[{"width":1120,"height":696,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"Est. reading time":"4\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/","url":"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/","name":"Einsatz von Sicherheitsautomatisierung und -orchestrierung in SIEM-Triage-Aktionen","isPartOf":{"@id":"https:\/\/swimlane.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR.png","datePublished":"2018-03-13T22:14:00+00:00","dateModified":"2026-04-06T10:22:26+00:00","description":"SIEM-L\u00f6sungen sch\u00fctzen Ihr Unternehmen, erzeugen aber eine Vielzahl von Benachrichtigungen. 
Erfahren Sie, wie Sie Ihre Alarmpriorisierungsprozesse verbessern k\u00f6nnen.","breadcrumb":{"@id":"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/03.13.18-SIEM-Triage-and-SOAR.png","width":1120,"height":696,"caption":"Emergency siren against modern building backdrop symbolizing threat detection and incident alert management"},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/de\/blog\/siem-alert-triage\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"Using security automation and orchestration for SIEM triage"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/de\/#website","url":"https:\/\/swimlane.com\/de\/","name":"Low-Code Sicherheitsautomatisierung &amp; SOAR-Plattform | Swimlane","description":"Agentische KI-Automatisierung f\u00fcr jede Sicherheitsfunktion","publisher":{"@id":"https:\/\/swimlane.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/de\/#organization","name":"Low-Code Sicherheitsautomatisierung &amp; SOAR-Plattform | 
Swimlane","url":"https:\/\/swimlane.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/swimlane.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":1,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9807\/revisions"}],"predecessor-version":[{"id":55516,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9807\/revisions\/55516"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/media\/9808"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/media?parent=9807"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/tags?post=9807"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-type?post=9807"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-topic?post=9807"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-industry?post=9807"},{"taxo
nomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/blog-category?post=9807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}