{"id":9305,"date":"2022-12-22T07:00:00","date_gmt":"2022-12-22T14:00:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/automating-dfir-with-soar\/"},"modified":"2024-06-27T12:00:36","modified_gmt":"2024-06-27T18:00:36","slug":"soar%e3%81%a7dfir%e3%82%92%e8%87%aa%e5%8b%95%e5%8c%96%e3%81%99%e3%82%8b","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/","title":{"rendered":"DFIR\u306e\u81ea\u52d5\u5316\u306b\u3064\u3044\u3066\u77e5\u3063\u3066\u304a\u304f\u3079\u304d\u3053\u3068\u3059\u3079\u3066"},"content":{"rendered":"\n<section class=\"bs-section bs-section-f49668dca89a07af4c4bed27713f079b6839f643 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-f49668dca89a07af4c4bed27713f079b6839f643{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-3c02e72bbbdd27fbc2206a57dc520373f8b450b2 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Neon fingerprint visuals representing digital identity and biometric security\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1.png 1120w, https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1-300x182.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1-1024x621.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1-768x466.png 768w\" sizes=\"(max-width: 1120px) 100vw, 1120px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-6a13826d98ae006805bf00373c567a95c3c65a9a bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2022-12-22T07:00:00-07:00\">12\u6708 22, 2022<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">Everything You Need to Know About Automating DFIR<\/h1>\n\n\n<div class=\"bs-div bs-div-f106fb945b2c4610a440b9e5b4f63c0c1cbbec02 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/ja\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">3 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n<section class=\"bs-section bs-section-050e6505c2b06c7ce9ca858e2f56661a365e6ba8 bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-b9d738473a055284b615b4f50be5a383dfe4cc38 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('Everything%20You%20Need%20to%20Know%20About%20Automating%20DFIR').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fja%2Fblog%2Fautomating-dfir-with-soar%2F', '_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Everything%20You%20Need%20to%20Know%20About%20Automating%20DFIR&url=https%3A%2F%2Fswimlane.com%2Fja%2Fblog%2Fautomating-dfir-with-soar%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Fja%2Fblog%2Fautomating-dfir-with-soar%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Fja%2Fblog%2Fautomating-dfir-with-soar%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-5fcbee853797bef68c609dd2715f511e3ead78a3 bs-column---default bs-column--contents     \">\n<h2>An overview of Digital Forensics and Incident Response plans, and how to utilize automation for better response.<\/h2>\n<h2><strong>What is DFIR?<\/strong><\/h2>\n<p>A <a href=\"https:\/\/swimlane.com\/automating-digital-forensics-and-incident-response\/\" rel=\"noopener noreferrer\">Digital Forensics and Incident Response (DFIR)<\/a> plan is a systematic and documented method of approaching and managing situations resulting from IT security incidents or breaches as well as collecting evidence related to the incident or data breach. DFIR plans are used in enterprise IT environments and facilities to identify, respond, limit and counteract security incidents as they occur.<\/p>\n<p><strong>Digital Forensics <\/strong>is the process of using scientific techniques and tools to identify, preserve and analyze system data in the event of a potential attack. It involves analyzing digital devices, such as computers, mobile devices and other endpoints to identify and extract evidence of &#8220;who&#8221; and &#8220;what&#8221; is involved with the incident.<strong><br \/><\/strong><\/p>\n<p><strong>Incident Response<\/strong> refers to the overall&nbsp;process that prepares for, identifies, responds to, and mitigates the effects of a security incident. It involves&nbsp;identifying the source of the incident, determining the extent of the damage, and taking steps to prevent further harm.&nbsp;<\/p>\n<figure><center><iframe loading=\"lazy\" title=\"YouTube video player\" src=\"https:\/\/www.youtube.com\/embed\/BDKsg1rzoaA\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/center><\/figure>\n<h3>The Value of DFIR<\/h3>\n<p>The best way to handle an incident is by being prepared and having already taken the necessary proactive steps. This involves a specific process of:<\/p>\n<ul>\n<li>Identify a set of individuals to make up the incident response team<\/li>\n<li>Make sure they are well-trained for any procedures they may need to execute<\/li>\n<li>Create a detailed document called the incident response plan<\/li>\n<li>Regularly practice and update the incident response plan<\/li>\n<\/ul>\n<p>The DFIR plan should have detailed steps for each type of incident that identifies the actions to be carried out, the order in which they should be executed, and which team members are involved. It is not a question of if you need to have a process and plan for digital forensics and incident response. It is only a matter of when you will be using it.<\/p>\n<h3>DFIR Plan Overview<\/h3>\n<\/p>\n<p><center><\/p>\n<figure><iframe loading=\"lazy\" title=\"YouTube video player\" src=\"https:\/\/www.youtube.com\/embed\/6UjzwpNg3DQ\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/figure>\n<\/p>\n<p><\/center><\/p>\n<p>Traditional digital forensics and <a href=\"https:\/\/swimlane.com\/blog\/automated-incident-response\">incident response<\/a> is dependent on physical systems and physical access. However, most organizations now run one or more of their services in the cloud. To address modern hybrid infrastructures your digital forensics and incident response plan must account for systems that are virtual and located outside your premises.<\/p>\n<h3>What Are the Steps of the DFIR Process?<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" style=\"opacity: 1;\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/digital-forensics-incident-response-plan-flow.png\" alt=\"Flow of Digital Forensics chart\" width=\"1200\" height=\"628\" data-image=\"247052\"><\/p>\n<p>The following list offers videos that examine each phase of the DFIR plan and the important differences when implementing your plan with cloud resources:<\/p>\n<p><strong>Preparation: <\/strong>Preparation ensures that the DFIR is ready to execute when needed. Preparation also ensures that personnel is trained and that infrastructure and software needs are met ahead of time.<\/p>\n<p><strong>Detection<\/strong>: Detection handles the initial identification and triage of an incident and establishes a chain of command for the incident response through investigation and documentation. A low-code <a href=\"https:\/\/swimlane.com\/blog\/what-is-soar\" rel=\"noopener noreferrer\">security orchestration, automation and response (SOAR) platform<\/a> can automate the ingestion of alerts or events from any number of security and networking devices on your network, as well as monitor email inboxes.<\/p>\n<p><strong>Containment<\/strong>: Containment stops the incident from increasing in severity or scope. Containment protects the organization. A SOAR platform can orchestrate various security and networking tools to gather evidence from a system, shut off network access to a system, power down systems, and correlate alerts and incidents to help identify spreading compromises.<\/p>\n<p><strong>Eradication<\/strong>: Eradication eliminates the root cause of an incident to secure affected assets and prevent further breaches. A low-code SOAR&nbsp;platform can automate collecting backup data from a system, reimagining a system, redeploying containers and running on-system malware scans or scripts.<\/p>\n<p><strong>Recovery:<\/strong> Recovery restores pre-incident functionality to affected systems. A SOAR platform can use scripts or vendor tools to push standard images to systems, restore backed-up data to assist in the recovery process, as well as verify whether expected access and behavior have been restored.<\/p>\n<p><strong>Post-Incident Activity:<\/strong> A \u201clessons learned\u201d exercise is a retrospective focused on improving processes &amp; procedures. An incident report based on the timeline of the incident is created and agreed on. The report should identify when things happened and ensure everyone agrees with the details. The lessons learned phase is often overlooked or skipped but it is very important because it reviews the incident and finds opportunities for improvements in the incident response plan and the overall security posture.<\/p>\n<p><em><a href=\"https:\/\/swimlane.com\/automating-digital-forensics-and-incident-response\/\">Watch our in-depth video series on the DFIR Process.<\/a><\/em><\/p>\n<h2>Benefits of Automating the DFIR Process<\/h2>\n<\/p>\n<p><center><\/p>\n<figure><iframe loading=\"lazy\" title=\"YouTube video player\" src=\"https:\/\/www.youtube.com\/embed\/D2aKxjMH5sg\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/figure>\n<\/p>\n<p><\/center><\/p>\n<p>Automating digital forensics and incident response processes can provide useful benefits, such as:<\/p>\n<ul>\n<li>Better consistency and precision of actions<\/li>\n<li>Increase in speed and accuracy<\/li>\n<li>Better tracking of what is taking place<\/li>\n<li>Reduced divergence from the plan itself<\/li>\n<\/ul>\n<p>The process of gathering all data related to a case from multiple tools, environments, and sources can be automated with a low-code&nbsp;<a href=\"https:\/\/swimlane.com\/blog\/security-automation\">security automation<\/a> platform. Most SOAR solutions&nbsp;allow data to be exported or reported in various formats.<\/p>\n\n\n\n<div class=\"bs-div bs-div-0314073bb14f49c127f718cbc5316db5cb74ac36 bs-div---default bs-div--blog-inner-download-guide\"><style>.bs-div.bs-div-0314073bb14f49c127f718cbc5316db5cb74ac36 {background-image: url(https:\/\/swimlane.com\/wp-content\/uploads\/2022\/10\/download-report.png); background-position: center center;\n    background-size: cover;} <\/style><div class=\"bs-div__inner d-flex flex-wrap justify-content-center  flex-md-row-reverse align-items-md-center justify-content-md-between flex-md-nowrap  \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/Screenshot-2024-06-27-at-11.55.03\u202fAM.png' class='img-fluid'   alt='TAG Cyber ROI analysis report on Swimlane Security Automation benefits' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n\n<div class=\"bs-div bs-div-2aebcd1b2c11849d7c87d8462be32842b8c42b50 bs-div---default\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"h-calculate-your-roi-with-swimlane-turbine\">Calculate your ROI with Swimlane Turbine<\/h2>\n\n\n\n<p>To help companies evaluate the potential financial impact of the potential investment, TAG Cyber conducted an extensive study on the Swimlane Security Automation Solution.<\/p>\n\n\n\n<span class=\"bs-pro-button bs-pro-button---default bs-pro-button--primary-with-arrow-small bs-pro-button-p-btn-3dcff85805a2a040343145bd6b45cf3753ac421d\"><style>.bs-pro-button-p-btn-3dcff85805a2a040343145bd6b45cf3753ac421d .bs-pro-button__container {background-color: #abb8c3; color: #000000;}<\/style><a href=\"https:\/\/swimlane.com\/resources\/reports\/roi-report\/\" target=\"\" rel=\"noopener noreferrer\" class=\"bs-pro-button__container\">Download<\/a><\/span>\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-4ffac197d945e44dadadc9d8f52ba4737135ba21 bs-column---default     \">\n<div class=\"bs-div bs-div-ffc71f24880cf5ca65c4a54e87fb14a656cc562d bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-69c461f15bb5fa3fc09d1aa73a0e5865005218ff bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69edf473cbb3f bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ja\/blog\/automated-incident-response\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>8\u6708 22, 2025<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Automated Incident Response: Everything You Need to Know<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69edf473cce41 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ja\/blog\/low-code-security-automation-simplicity\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>5\u6708 10, 2023<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Low-Code Security Automation: Everything You Need to Know<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69edf473cdef9 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ja\/blog\/security-operations-system-of-record\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>6\u6708 14, 2022<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>A System of Record for Security: Everything You Need to Know<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); \n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"<p>\u30c7\u30b8\u30bf\u30eb\u30d5\u30a9\u30ec\u30f3\u30b8\u30c3\u30af\u3068\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u8a08\u753b\u306e\u6982\u8981\u3001\u304a\u3088\u3073\u3088\u308a\u512a\u308c\u305f\u5bfe\u5fdc\u306e\u305f\u3081\u306b\u81ea\u52d5\u5316\u3092\u6d3b\u7528\u3059\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3059\u3002.<\/p>","protected":false},"author":5,"featured_media":9306,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[69],"class_list":["post-9305","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","resource-type-blogs","blog-category-use-cases"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What You Need to Know About Automating DFIR<\/title>\n<meta name=\"description\" content=\"A DFIR plan is a systematic, documented method of approaching and managing situations resulting from and collecting evidence.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/ja\/\u30d6\u30ed\u30b0\/soar\u3067dfir\u3092\u81ea\u52d5\u5316\u3059\u308b\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Everything You Need to Know About Automating DFIR\" \/>\n<meta property=\"og:description\" content=\"A DFIR plan is a systematic, documented method of approaching and managing situations resulting from and collecting evidence.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/ja\/\u30d6\u30ed\u30b0\/soar\u3067dfir\u3092\u81ea\u52d5\u5316\u3059\u308b\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-27T18:00:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1120\" \/>\n\t<meta property=\"og:image:height\" content=\"679\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data1\" content=\"5\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/blog\\\/automating-dfir-with-soar\\\/\",\"url\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/blog\\\/automating-dfir-with-soar\\\/\",\"name\":\"What You Need to Know About Automating DFIR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/blog\\\/automating-dfir-with-soar\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/blog\\\/automating-dfir-with-soar\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/DFIR-1.png\",\"datePublished\":\"2022-12-22T14:00:00+00:00\",\"dateModified\":\"2024-06-27T18:00:36+00:00\",\"description\":\"A DFIR plan is a systematic, documented method of approaching and managing situations resulting from and collecting evidence.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/blog\\\/automating-dfir-with-soar\\\/#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/swimlane.com\\\/ja\\\/blog\\\/automating-dfir-with-soar\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/blog\\\/automating-dfir-with-soar\\\/#primaryimage\",\"url\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/DFIR-1.png\",\"contentUrl\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/DFIR-1.png\",\"width\":1120,\"height\":679,\"caption\":\"Neon fingerprint visuals representing digital identity and biometric security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/blog\\\/automating-dfir-with-soar\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/swimlane.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Everything You Need to Know About Automating DFIR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/#website\",\"url\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ja\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/swimlane\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/swimlane\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DFIR\u306e\u81ea\u52d5\u5316\u306b\u3064\u3044\u3066\u77e5\u3063\u3066\u304a\u304f\u3079\u304d\u3053\u3068","description":"DFIR \u8a08\u753b\u306f\u3001\u8a3c\u62e0\u306e\u53ce\u96c6\u304b\u3089\u751f\u3058\u308b\u72b6\u6cc1\u306b\u30a2\u30d7\u30ed\u30fc\u30c1\u3057\u3066\u7ba1\u7406\u3059\u308b\u305f\u3081\u306e\u4f53\u7cfb\u7684\u304b\u3064\u6587\u66f8\u5316\u3055\u308c\u305f\u65b9\u6cd5\u3067\u3059\u3002.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/ja\/\u30d6\u30ed\u30b0\/soar\u3067dfir\u3092\u81ea\u52d5\u5316\u3059\u308b\/","og_locale":"ja_JP","og_type":"article","og_title":"Everything You Need to Know About Automating DFIR","og_description":"A DFIR plan is a systematic, documented method of approaching and managing situations resulting from and collecting evidence.","og_url":"https:\/\/swimlane.com\/ja\/\u30d6\u30ed\u30b0\/soar\u3067dfir\u3092\u81ea\u52d5\u5316\u3059\u308b\/","og_site_name":"AI Security Automation","article_modified_time":"2024-06-27T18:00:36+00:00","og_image":[{"width":1120,"height":679,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"5\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/","url":"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/","name":"DFIR\u306e\u81ea\u52d5\u5316\u306b\u3064\u3044\u3066\u77e5\u3063\u3066\u304a\u304f\u3079\u304d\u3053\u3068","isPartOf":{"@id":"https:\/\/swimlane.com\/ja\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1.png","datePublished":"2022-12-22T14:00:00+00:00","dateModified":"2024-06-27T18:00:36+00:00","description":"DFIR \u8a08\u753b\u306f\u3001\u8a3c\u62e0\u306e\u53ce\u96c6\u304b\u3089\u751f\u3058\u308b\u72b6\u6cc1\u306b\u30a2\u30d7\u30ed\u30fc\u30c1\u3057\u3066\u7ba1\u7406\u3059\u308b\u305f\u3081\u306e\u4f53\u7cfb\u7684\u304b\u3064\u6587\u66f8\u5316\u3055\u308c\u305f\u65b9\u6cd5\u3067\u3059\u3002.","breadcrumb":{"@id":"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/DFIR-1.png","width":1120,"height":679,"caption":"Neon fingerprint visuals representing digital identity and biometric security"},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/ja\/blog\/automating-dfir-with-soar\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"Everything You Need to Know About Automating DFIR"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/ja\/#website","url":"https:\/\/swimlane.com\/ja\/","name":"\u30ed\u30fc\u30b3\u30fc\u30c9\u30fb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\uff06SOAR\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\uff5c\u30b9\u30a4\u30e0\u30ec\u30fc\u30f3","description":"\u3042\u3089\u3086\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u3092\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u578bAI\u3067\u81ea\u52d5\u5316","publisher":{"@id":"https:\/\/swimlane.com\/ja\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/ja\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/ja\/#organization","name":"\u30ed\u30fc\u30b3\u30fc\u30c9\u30fb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\uff06SOAR\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\uff5c\u30b9\u30a4\u30e0\u30ec\u30fc\u30f3","url":"https:\/\/swimlane.com\/ja\/","logo":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/swimlane.com\/ja\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/ja\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/sw_resource\/9305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":0,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/sw_resource\/9305\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/media\/9306"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/media?parent=9305"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/tags?post=9305"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/resource-type?post=9305"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/resource-topic?post=9305"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/resource-industry?post=9305"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/blog-category?post=9305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}