{"id":9644,"date":"2020-04-24T00:00:00","date_gmt":"2020-04-24T06:00:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/responding-to-insider-threats-with-soar\/"},"modified":"2025-12-22T03:42:14","modified_gmt":"2025-12-22T10:42:14","slug":"repondre-aux-menaces-internes-avec-soar","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/","title":{"rendered":"R\u00e9pondre aux menaces internes avec SOAR"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-f49668dca89a07af4c4bed27713f079b6839f643 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-f49668dca89a07af4c4bed27713f079b6839f643{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-3c02e72bbbdd27fbc2206a57dc520373f8b450b2 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"A close-up, high-angle shot of a developer writing code on a laptop in a modern workspace.\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png 800w, https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2-300x200.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2-768x512.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-6a13826d98ae006805bf00373c567a95c3c65a9a bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2020-04-24T00:00:00-06:00\">Avr 24, 2020<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">Responding to Insider Threats with SOAR<\/h1>\n\n\n<div class=\"bs-div bs-div-f106fb945b2c4610a440b9e5b4f63c0c1cbbec02 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/fr\/author\/Nick_Tausek\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Nick_Tausek.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tNick Tausek\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">3 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-050e6505c2b06c7ce9ca858e2f56661a365e6ba8 bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-b9d738473a055284b615b4f50be5a383dfe4cc38 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('Responding%20to%20Insider%20Threats%20with%20SOAR').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Ffr%2Fblog%2Fresponding-to-insider-threats-with-soar%2F', '_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Responding%20to%20Insider%20Threats%20with%20SOAR&url=https%3A%2F%2Fswimlane.com%2Ffr%2Fblog%2Fresponding-to-insider-threats-with-soar%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Ffr%2Fblog%2Fresponding-to-insider-threats-with-soar%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Ffr%2Fblog%2Fresponding-to-insider-threats-with-soar%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-5fcbee853797bef68c609dd2715f511e3ead78a3 bs-column---default bs-column--contents     \">\n<h2 class=\"wp-block-heading\">&nbsp;<\/h2>\n\n\n\n<p>Insider threats occur when an individual with ties to an organization misuses their access for malicious intent, such as stealing intellectual property or other data. Detecting insider threats can be difficult. But by using a security information and event management (SIEM) system or data loss prevention (DLP) products, you can create alerts to detect the exfiltration of data leaving your organization that is unauthorized or unexpected.<\/p>\n\n\n\n<p>Once you have detected these events, your security operations center (SOC) needs to investigate rapidly. Utilizing Swimlane and our <a href=\"https:\/\/swimlane.com\/resources\/webinar-soar-use-case-insider-threats\/\">Insider Threat Use Case<\/a>, you can investigate and respond to these insider threats swiftly and accurately.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Insider-Threats-Use-Case_1.png\" alt=\"Dashboard with Map\"\/><\/figure>\n\n\n\n<p>Whether an alert is received from your SIEM or DLP product, Swimlane can ingest and begin investigating the alert automatically. The first step in this use case is automatically querying Active Directory for information about the user that generated the alert. Once that step is complete, Swimlane will automatically begin enrichment using multiple open-source intelligence (OSINT) and threat intelligence sources to determine the likelihood that the destination IP address is malicious (or known malicious).<\/p>\n\n\n\n<p>As a sample of different enrichment sources, this use case includes integrations with the following products:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VirusTotal<\/li>\n\n\n\n<li>Hybrid Analysis<\/li>\n\n\n\n<li>AlienVault OTX<\/li>\n\n\n\n<li>Maltiverse<\/li>\n\n\n\n<li>ThreatMiner<\/li>\n\n\n\n<li>Apility<\/li>\n\n\n\n<li>IPINFO.io<\/li>\n\n\n\n<li>VirusTracker<\/li>\n<\/ul>\n\n\n\n<p>If you would like to add different sources, internal and external threat intelligence, you can add them using any of our 200+ integrations, and if we do not have an integration for your product, we probably have it in our backlog. You can also request an integration (our integrations team is excellent!).<\/p>\n\n\n\n<p>Using the results, Swimlane will tally and score the enrichment sources. Next, Swimlane queries your SIEM (Elastic in this example) to check for any other systems that may be communicating with this IP address. The combination of the enrichment sources score, as well as additional logs, generates a low, medium or high determination status. The following diagram outlines this process:<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Insider-Threats-Use-Case_2.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Process for determining response actions.<\/figcaption><\/figure>\n\n\n\n<p>If the overall determination is considered m<em>edium,<\/em> Swimlane automatically sends automated email notifications to the desired parties, such as the incident response team. If the determination is considered h<em>igh<\/em>, Swimlane takes additional actions on top of sending the email notifications:<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Insider-Threats-Use-Case_3.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">If the overall user risk score is High, Swimlane performs additional actions.<\/figcaption><\/figure>\n\n\n\n<p>Swimlane will automatically disable the user\u2019s accounts in Active Directory and send notifications via email to the appropriate individuals defined by your organization. Finally, Swimlane will isolate this host using your EDR product (Carbon Black in this case). If any additional response and remediation efforts are needed\/wanted, you can add them to the workflow easily.<\/p>\n\n\n\n<p>As with all of our use cases, we have a predefined workflow for insider threat investigation and response that is easily modifiable to fit your organization\u2019s needs. If you would like to change the way the risk score is calculated, or set a weighted value on certain enrichment sources over others, you can do so easily. You can also easily make changes to the timing for when certain automated actions are performed (in addition to any other desired actions).<\/p>\n\n\n\n<p>Here is the <a href=\"https:\/\/swimlane.com\/resources\/webinar-soar-use-case-insider-threats\/\">Swimlane Insider Threat Use Case<\/a> workflow at a glance:<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Insider-Threats-Use-Case_4.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Swimlane automatically queries Active Directory and performs enrichment using multiple OSINT integrations.<\/figcaption><\/figure>\n\n\n\n<p>Now that we&#8217;ve introduced you to the <a href=\"https:\/\/swimlane.com\/resources\/webinar-soar-use-case-insider-threats\/\">Insider Threat Use Case<\/a> workflows, it&#8217;s time to see the use case in action! Register for the <a href=\"https:\/\/swimlane.com\/resources\/webinar-soar-use-case-insider-threats\/\">upcoming Swimlane webinar<\/a> now!<\/p>\n\n\n\n<div class=\"bs-div bs-div-12a9a294b5ea5d0c166dd44eedf8353a5eea47f8 bs-div---default bs-div--blog-inner-download-guide\"><style>.bs-div.bs-div-12a9a294b5ea5d0c166dd44eedf8353a5eea47f8 {background-image: url(https:\/\/swimlane.com\/wp-content\/uploads\/2022\/10\/download-report.png); background-position: center center;\n    background-size: cover;} <\/style><div class=\"bs-div__inner d-flex flex-wrap justify-content-center  flex-md-row-reverse align-items-md-center justify-content-md-between flex-md-nowrap  \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/Webinar-InsiderThreats-Social-Twitter-1200x675-1.jpg' class='img-fluid'   alt='Swimlane webinar banner for SOAR Insider Threats use case event' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n\n<div class=\"bs-div bs-div-2aebcd1b2c11849d7c87d8462be32842b8c42b50 bs-div---default\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"h-soar-use-case-insider-threats\">SOAR Use Case: Insider Threats<\/h2>\n\n\n\n<p class=\"has-white-color has-text-color\">During this webinar, Security Research Engineer Josh Rickard and SOAR Evangelist Jay Spann will show you three use cases for SOAR to detect, analyze and respond to potential insider threats. <\/p>\n\n\n\n<span class=\"bs-pro-button bs-pro-button---default bs-pro-button--primary-with-arrow-small bs-pro-button-p-btn-d0f42e57d14dd3e9cf1dd355f6a3f18fb08b7cc5\"><style>.bs-pro-button-p-btn-d0f42e57d14dd3e9cf1dd355f6a3f18fb08b7cc5 .bs-pro-button__container {background-color: #abb8c3; color: #000000;}<\/style><a href=\"https:\/\/swimlane.com\/resources\/webinar-soar-use-case-insider-threats\/\" target=\"\" rel=\"noopener noreferrer\" class=\"bs-pro-button__container\">Register Now<\/a><\/span>\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-4ffac197d945e44dadadc9d8f52ba4737135ba21 bs-column---default     \">\n<div class=\"bs-div bs-div-ffc71f24880cf5ca65c4a54e87fb14a656cc562d bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-69c461f15bb5fa3fc09d1aa73a0e5865005218ff bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69df21774c4a1 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/insider-threat-detection\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Oct 6, 2022<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Guide to Insider Threats: Definition, Detection, Best Practices &#038; Tools<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69df21774d464 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/active-sensing-fabric\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Juin 23, 2022<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>How to Respond to Threats Faster with Active Sensing Fabric<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69df21774e0b7 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/5-enterprise-mobile-device-security-threats\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Nov 30, 2022<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>5 Threats to Your Enterprise Mobile Device Security and How to Prevent Them<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); \n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":22,"featured_media":9645,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[69,70,74],"class_list":["post-9644","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","resource-type-blogs","blog-category-use-cases","blog-category-secops","blog-category-integrations"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Investigating &amp; Responding to Insider Threats with SOAR<\/title>\n<meta name=\"description\" content=\"Learn how SOAR can help you investigate and respond to insider threats swiftly and accurately.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/fr\/blog\/repondre-aux-menaces-internes-avec-soar\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Responding to Insider Threats with SOAR\" \/>\n<meta property=\"og:description\" content=\"Learn how SOAR can help you investigate and respond to insider threats swiftly and accurately.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/fr\/blog\/repondre-aux-menaces-internes-avec-soar\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-22T10:42:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/\",\"url\":\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/\",\"name\":\"Investigating & Responding to Insider Threats with SOAR\",\"isPartOf\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png\",\"datePublished\":\"2020-04-24T06:00:00+00:00\",\"dateModified\":\"2025-12-22T10:42:14+00:00\",\"description\":\"Learn how SOAR can help you investigate and respond to insider threats swiftly and accurately.\",\"breadcrumb\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#primaryimage\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png\",\"width\":800,\"height\":533,\"caption\":\"A close-up, high-angle shot of a developer writing code on a laptop in a modern workspace.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swimlane.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Responding to Insider Threats with SOAR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swimlane.com\/fr\/#website\",\"url\":\"https:\/\/swimlane.com\/fr\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swimlane.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swimlane.com\/fr\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\/\/swimlane.com\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/swimlane\",\"https:\/\/www.linkedin.com\/company\/swimlane\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Enqu\u00eater sur les menaces internes et y r\u00e9pondre avec SOAR","description":"D\u00e9couvrez comment SOAR peut vous aider \u00e0 enqu\u00eater et \u00e0 r\u00e9agir rapidement et pr\u00e9cis\u00e9ment aux menaces internes.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/fr\/blog\/repondre-aux-menaces-internes-avec-soar\/","og_locale":"fr_FR","og_type":"article","og_title":"Responding to Insider Threats with SOAR","og_description":"Learn how SOAR can help you investigate and respond to insider threats swiftly and accurately.","og_url":"https:\/\/swimlane.com\/fr\/blog\/repondre-aux-menaces-internes-avec-soar\/","og_site_name":"AI Security Automation","article_modified_time":"2025-12-22T10:42:14+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/","url":"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/","name":"Enqu\u00eater sur les menaces internes et y r\u00e9pondre avec SOAR","isPartOf":{"@id":"https:\/\/swimlane.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png","datePublished":"2020-04-24T06:00:00+00:00","dateModified":"2025-12-22T10:42:14+00:00","description":"D\u00e9couvrez comment SOAR peut vous aider \u00e0 enqu\u00eater et \u00e0 r\u00e9agir rapidement et pr\u00e9cis\u00e9ment aux menaces internes.","breadcrumb":{"@id":"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/microsoft-oauth2-implementation-2.png","width":800,"height":533,"caption":"A close-up, high-angle shot of a developer writing code on a laptop in a modern workspace."},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/fr\/blog\/responding-to-insider-threats-with-soar\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"Responding to Insider Threats with SOAR"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/fr\/#website","url":"https:\/\/swimlane.com\/fr\/","name":"Plateforme d&#039;automatisation de la s\u00e9curit\u00e9 low-code et SOAR | Swimlane","description":"Automatisation par IA agentique pour chaque fonction de s\u00e9curit\u00e9","publisher":{"@id":"https:\/\/swimlane.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/fr\/#organization","name":"Plateforme d&#039;automatisation de la s\u00e9curit\u00e9 low-code et SOAR | Swimlane","url":"https:\/\/swimlane.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/9644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/users\/22"}],"version-history":[{"count":0,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/9644\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/media\/9645"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/media?parent=9644"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/tags?post=9644"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-type?post=9644"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-topic?post=9644"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-industry?post=9644"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/blog-category?post=9644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}