{"id":9813,"date":"2018-01-31T07:50:00","date_gmt":"2018-01-31T14:50:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/nist-incident-response\/"},"modified":"2026-03-31T04:24:13","modified_gmt":"2026-03-31T10:24:13","slug":"resposta-a-incidentes-do-nist","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/","title":{"rendered":"Aprimorando a resposta a incidentes com a estrutura de ciberseguran\u00e7a do NIST e a automa\u00e7\u00e3o e orquestra\u00e7\u00e3o de seguran\u00e7a (SAO)."},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-6770b3369b6c61539d3140cb52ed6bc5ec393625 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Diagram of a padlock and chain over a world map with binary code background.\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework.png 1120w, https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework-300x186.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework-1024x636.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework-768x477.png 768w\" sizes=\"(max-width: 1120px) 100vw, 1120px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   
bs-column-2ba18c9b6304620af4785b54fe900bf0ce0fc4d5 bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2018-01-31T07:50:00-07:00\">Jan 31, 2018<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">Improving incident response with the NIST Cybersecurity Framework and security automation and orchestration (SAO)<\/h1>\n\n\n<div class=\"bs-div bs-div-44a15e4b99450b7aaf810333a0fbaa4ff5112133 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/pt\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">5 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-205a03f93391472c82564395e3b5684e68c8ef7d bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-fa02c15a19a9c2952663733986e45d4eef708638 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + 
decodeURIComponent('Improving%20incident%20response%20with%20the%20NIST%20Cybersecurity%20Framework%20and%20security%20automation%20and%20orchestration%20%28SAO%29').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fpt%2Fblog%2Fnist-incident-response%2F', '_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Improving%20incident%20response%20with%20the%20NIST%20Cybersecurity%20Framework%20and%20security%20automation%20and%20orchestration%20%28SAO%29&url=https%3A%2F%2Fswimlane.com%2Fpt%2Fblog%2Fnist-incident-response%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg 
style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Fpt%2Fblog%2Fnist-incident-response%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 
16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Fpt%2Fblog%2Fnist-incident-response%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-0d83d6d9863f92131cc95492d42e5b50c72f00bb bs-column---default bs-column--contents     \">\n<h2>\u00a0<\/h2>\n<figure><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-3134\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/wp\/2018\/01\/NIST-incident-response-SAO-NIST-logo-300x79.png\" alt=\"NIST incident response - SAO - NIST logo\" width=\"300\" height=\"79\" data-image=\"6fw8liyoyx5r\" \/><\/figure>\n<p>The <a href=\"https:\/\/www.nist.gov\/cyberframework\" target=\"_blank\" rel=\"noreferrer 
noopener\">National Institute of Standards and Technology&#8217;s (NIST) Cybersecurity Framework<\/a> was developed in response to a 2013 presidential executive order to help government and private organizations better protect their critical infrastructure from cyberattacks. Now nearing its second version (1.1), the Cybersecurity Framework offers organizations a flexible way to design and implement cost-effective but holistic cybersecurity strategies. It covers the full gamut of security, from identifying and detecting threats through responding and recovery.<\/p>\n<blockquote>\n<p>The NIST Cybersecurity Framework supports organizations with a flexible way to design and implement a cost-effective but holistic cybersecurity strategy.<\/p>\n<\/blockquote>\n<p>Security Automation and Orchestration (SAO) helps organizations enact controls that align with the Framework. SAO is a collection of tools and practices that automate security detection and incident response and orchestrate security systems. With SAO, organizations make their security teams more productive and effective in responding to security incidents in accordance with the Framework.<\/p>\n<h3>What\u2019s in the NIST Cybersecurity Framework?<\/h3>\n<p>The NIST Cybersecurity Framework offers extensive guidance on developing, implementing and continuously improving a cybersecurity program. Its core contains five functions: identify, protect, detect, respond and recover. Each function is further broken down into categories, each of which offers subcategories for dealing with specific aspects of securing critical infrastructure against cyberattacks.<\/p>\n<p>It also provides a set of implementation tiers that organizations can use to assess how well they manage cybersecurity risks. A tier 1 \u201cpartial\u201d organization has informal, reactive responses to cyber threats. 
Tier 2 is \u201crisk informed,\u201d while tier 3 is \u201crepeatable.\u201d Tier 4 represents an \u201cadaptive\u201d organization, which is able to devise repeatable processes flexibly in response to shifting risks.<\/p>\n<h3>How security automation and orchestration improves incident response<\/h3>\n<p>Security incident response is about more than just responding to a problem. In the Cybersecurity Framework, incident response includes the core functions of detect, respond and recover. All three are needed to respond properly to a security incident.<\/p>\n<p>Table 1 shows the 11 categories included in these three functions, and each has a unique category identifier. For example, in the detect function DE.AE is the category for \u201cAnomalies and Events.\u201d To comply with the Framework, an organization must devise a way to detect anomalies or suspicious events that might signal the start of a security incident. This might involve DE.CM (\u201cSecurity Continuous Monitoring\u201d) operating in concert with DE.DP (\u201cDetection Processes\u201d).<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"117\"><strong>Function Unique Identifier<\/strong><\/td>\n<td width=\"81\"><strong>Function<\/strong><\/td>\n<td width=\"86\"><strong>Category Unique <\/strong><strong>Identifier<\/strong><\/td>\n<td width=\"184\"><strong>Category<\/strong><\/td>\n<\/tr>\n<tr>\n<td rowspan=\"3\" width=\"117\"><strong>DE<\/strong><\/td>\n<td rowspan=\"3\" width=\"81\"><strong>Detect<\/strong><\/td>\n<td width=\"86\">DE.AE<\/td>\n<td width=\"184\">Anomalies and Events<\/td>\n<\/tr>\n<tr>\n<td width=\"86\">DE.CM<\/td>\n<td width=\"184\">Security Continuous Monitoring<\/td>\n<\/tr>\n<tr>\n<td width=\"86\">DE.DP<\/td>\n<td width=\"184\">Detection Processes<\/td>\n<\/tr>\n<tr>\n<td rowspan=\"5\" width=\"117\"><strong>RS<\/strong><\/td>\n<td rowspan=\"5\" width=\"81\"><strong>Respond<\/strong><\/td>\n<td width=\"86\">RS.RP<\/td>\n<td width=\"184\">Response Planning<\/td>\n<\/tr>\n<tr>\n<td 
width=\"86\">RS.CO<\/td>\n<td width=\"184\">Communications<\/td>\n<\/tr>\n<tr>\n<td width=\"86\">RS.AN<\/td>\n<td width=\"184\">Analysis<\/td>\n<\/tr>\n<tr>\n<td width=\"86\">RS.MI<\/td>\n<td width=\"184\">Mitigation<\/td>\n<\/tr>\n<tr>\n<td width=\"86\">RS.IM<\/td>\n<td width=\"184\">Improvements<\/td>\n<\/tr>\n<tr>\n<td rowspan=\"3\" width=\"117\"><strong>RC<\/strong><\/td>\n<td rowspan=\"3\" width=\"81\"><strong>Recover<\/strong><\/td>\n<td width=\"86\">RC.RP<\/td>\n<td width=\"184\">Recovery Planning<\/td>\n<\/tr>\n<tr>\n<td width=\"86\">RC.IM<\/td>\n<td width=\"184\">Improvements<\/td>\n<\/tr>\n<tr>\n<td width=\"86\">RC.CO<\/td>\n<td width=\"184\">Communications<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Table 1 \u2013 The detect, respond and recover functions from the NIST Cybersecurity Framework<\/strong><\/p>\n<h3>Integrating security and communication technologies with SAO<\/h3>\n<p>Many organizations use technologies like intrusion detection systems (IDS) and security incident and event monitoring (SIEM) solutions to perform the Framework\u2019s detect function. To attain the best outcomes from the detect function, there should be integrations enabled by SAO between SIEM, IDS, or any other security tools that generate security alerts. Integration enables productivity-enhancing orchestration and the automation of detection workflow steps.<\/p>\n<p>The Framework then recommends a pre-planned response process. According to the respond categories, there should be a rigorous communications process in place to track the progress of threat analysis and threat mitigation workflows. A rigorous communications process also requires integration. Integrating relevant communication systems, like email and ticketing, with SAO makes it possible to automate communications and relieves team members of the repetitive work of communicating alert statuses. 
The response outlined in the Framework then continues through recovery.<\/p>\n<h3>Solving the cybersecurity staffing shortage with SAO<\/h3>\n<p>The challenge with using the NIST Cybersecurity Framework for incident response is the inevitable limit of available resources since there are only so many skilled staffers on a cybersecurity team, and the cybersecurity staffing shortage continues to grow. With threats increasing, teams can become overwhelmed by false positives and rendered unproductive by the need to keep up with routine notification and ticketing tasks. If the team does not have the right tools, it won\u2019t be effective in meeting the criteria for the Cybersecurity Framework.<\/p>\n<p>Security automation and orchestration offers a solution to the limited resource problem by speeding up each part of the detect-respond-recover cycle. For example, imagine that a security operations team receives an alert from a SIEM solution about an anomalous event on the network. If the team responds to the alert manually, it will have to do the tedious, time-consuming work of opening a ticket, conducting threat analysis and communicating with stakeholders.<\/p>\n<p>With SAO, these steps are automated. Interactions between relevant systems are orchestrated according to defined process steps. 
The SAO solution can automatically submit the details of the alert to a threat intelligence system, open a <a href=\"https:\/\/swimlane.com\/solutions\/security-automation-and-orchestration\/case-management\/\">case management<\/a> ticket in a system like JIRA, and send emails to relevant stakeholders.<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"117\"><strong>Function<\/strong><\/td>\n<td width=\"81\"><strong>Category<\/strong><\/td>\n<td width=\"86\"><strong>Subcategory<\/strong><\/td>\n<td width=\"184\"><strong>How SAO improves the process<\/strong><\/td>\n<\/tr>\n<tr>\n<td rowspan=\"5\" width=\"117\"><strong>Detect (DE)<\/strong><\/td>\n<td rowspan=\"5\" width=\"81\"><strong>Anomalies and Events (DE.AE):<\/strong><br \/>Anomalous activity is detected in a timely manner and the potential impact of events is understood.<\/td>\n<td width=\"86\"><strong>DE.AE-1: <\/strong>A baseline of network operations and expected data flows for users and systems is established and managed<\/td>\n<td width=\"184\">Using logs from multiple security tools and SAO, the team can continually calibrate the baseline to improve its incident response capabilities.<\/td>\n<\/tr>\n<tr>\n<td width=\"86\"><strong>DE.AE-2: <\/strong>Detected events are analyzed to understand attack targets and methods<\/td>\n<td width=\"184\">SAO can automate the analysis process, saving time and making team members more productive.<\/td>\n<\/tr>\n<tr>\n<td width=\"86\"><strong>DE.AE-3: <\/strong>Event data are aggregated and correlated from multiple sources and sensors<\/td>\n<td width=\"184\">SAO can automate the steps required for aggregation and correlation from multiple sources. 
A SAO solution can also orchestrate the systems involved in the analysis and correlation processes.<\/td>\n<\/tr>\n<tr>\n<td width=\"86\"><strong>DE.AE-4: <\/strong>Impact of events is determined<\/td>\n<td width=\"184\">A SAO solution speeds up the process of determining the event\u2019s impact and notifying key stakeholders.<\/td>\n<\/tr>\n<tr>\n<td width=\"86\"><strong>DE.AE-5: <\/strong>Incident alert thresholds are established<\/td>\n<td width=\"184\">It is possible for the SAO solution to \u201clearn\u201d from incident alerts and become better at establishing incident alert thresholds. SAO can also automate incident reports to help understand why an attack occurred.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Table 2 \u2013 The Subcategories of the Detect: Anomalies and Events (DE.AE) Category in the Detect Function of the NIST Framework Core.<\/strong><\/p>\n<p>Table 2 describes how a SAO solution helps with the specific details of incident response. Using the anomalies and events category (DE.AE) within the detect function, it breaks down SAO\u2019s role in various subcategories. For instance, subcategory DE.AE-3 calls for<strong> \u201c<\/strong>Event data are aggregated and correlated from multiple sources and sensors,\u201d and SAO can automate the steps required for aggregation and correlation from multiple sources. <a href=\"https:\/\/swimlane.com\/solutions\/security-automation-and-orchestration\/security-orchestration\/\">Security orchestration<\/a> can also integrate the systems involved in the analysis and correlation processes.<\/p>\n<p>SAO has the potential to transform incident response workflows. The right SAO solution enables a cybersecurity team to work smarter and stay on top of alerts and incidents as they arrive. The team can also leverage SAO to improve incident response over time. 
In this way, SAO also helps organizations move up the tiers of the Framework, developing repeatable and adaptive incident response processes.<\/p>\n<blockquote>\n<p>SAO helps organizations orchestrate systems, enabling them to develop repeatable and adaptive incident response processes.<\/p>\n<\/blockquote>\n<h6>Swimlane and the NIST Cybersecurity Framework to improve incident response<\/h6>\n<p>Swimlane delivers security automation and orchestration that can help your organization comply with the Cybersecurity Framework and improve incident response. Easy to implement, use, manage and scale, Swimlane uses object-oriented methods that enable a security operations team to leverage the capabilities of their existing security tools.<\/p>\n<p>Are you interested in learning more about how security automation can help your organization? Download our e-book \u2013 <a href=\"https:\/\/swimlane.com\/sao-use-cases-ebook\/\">8 Real-World Use Cases for Security Orchestration, Automation and Response<\/a><em>.<\/em><\/p>\n\n\n\n<div class=\"bs-div bs-div-6a76c51cfc9dc75405507120e5a6646218570ff8 bs-div---default bs-div--blog-inner-download-guide\"><style>.bs-div.bs-div-6a76c51cfc9dc75405507120e5a6646218570ff8 {background-image: url(https:\/\/swimlane.com\/wp-content\/uploads\/2022\/10\/download-report.png); background-position: center center;\n    background-size: cover;} <\/style><div class=\"bs-div__inner d-flex flex-wrap justify-content-center  flex-md-row-reverse align-items-md-center justify-content-md-between flex-md-nowrap  \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/Turbine_Alert-Triage-Solution.gif' class='img-fluid'   alt='Swimlane Playbooks dashboard showing Automated Remediation, 
Vulnerability Management, Alert Triage and Case Management workflows.' title='' data-gif= \"https:\/\/swimlane.com\/wp-content\/uploads\/Turbine_Alert-Triage-Solution.gif\" \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n\n<div class=\"bs-div bs-div-773aef0a3852274bc6b23f7985e05efd194e399e bs-div---default\"><div class=\"bs-div__inner     \">\n<h3 class=\"wp-block-heading\" id=\"h-request-a-demo\">Request a demo<\/h3>\n\n\n\n<p>If you haven\u2019t had the chance to explore Swimlane Turbine yet, request a demo.&nbsp;<\/p>\n\n\n\n<span class=\"bs-pro-button bs-pro-button---default bs-pro-button--primary-with-arrow-small bs-pro-button-p-btn-0fa2cc04404c13e5c3f964d486ab9e82a075e66c\"><style>.bs-pro-button-p-btn-0fa2cc04404c13e5c3f964d486ab9e82a075e66c .bs-pro-button__container {background-color: #abb8c3; color: #000000;}<\/style><a href=\"https:\/\/swimlane.com\/demo-d\/\" target=\"\" rel=\"noopener noreferrer\" class=\"bs-pro-button__container\">Request a Demo<\/a><\/span>\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-0ad64702520e52820989c3b8a4a5574abd826112 bs-column---default     \">\n<div class=\"bs-div bs-div-f0851be86a4542da358c10ec17ccebffa17efe07 bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><a href='https:\/\/swimlane.com\/pt\/tag\/incident-response\/'><span class='tag-content'>Incident Response<\/span><\/a><a href='https:\/\/swimlane.com\/pt\/tag\/soar\/'><span class='tag-content'>SOAR<\/span><\/a><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-5e7267355d8caf36f5b5e0c86eef387b664b848d bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div 
class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69cffeed409d8 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/pt\/blog\/ai-tier-one-soc-nist-response\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Dez 11, 2025<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>AI for Tier 1 SOC: NIST-Aligned Incident Response<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69cffeed421db bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/pt\/blog\/rsa-netwitness-alerts\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Out 18, 2017<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>RSA NetWitness alerts managed with security automation and orchestration (SAO)<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69cffeed43415 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" 
href='https:\/\/swimlane.com\/pt\/blog\/incident-alert-management\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Out 11, 2017<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Using security automation and orchestration for incident alert management<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script 
src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if 
(email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); \n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":9814,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[89,225],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[70],"class_list":["post-9813","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","tag-soar","tag-incident-response","resource-type-blogs","blog-category-secops"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Improving incident response with the NIST Cybersecurity Framework and\u2026<\/title>\n<meta name=\"description\" content=\"Security Automation and Orchestration (SAO) makes it easy to comply with three core functions of the NIST Cybersecurity Framework: detect, respond and\u2026\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" 
\/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/pt\/blogue\/resposta-a-incidentes-do-nist\/\" \/>\n<meta property=\"og:locale\" content=\"pt_PT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Improving incident response with the NIST Cybersecurity Framework and security automation and orchestration (SAO)\" \/>\n<meta property=\"og:description\" content=\"Security Automation and Orchestration (SAO) makes it easy to comply with three core functions of the NIST Cybersecurity Framework: detect, respond and\u2026\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/pt\/blogue\/resposta-a-incidentes-do-nist\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-31T10:24:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework-1024x636.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"636\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Tempo estimado de leitura\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutos\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Aprimorando a resposta a incidentes com a estrutura de seguran\u00e7a cibern\u00e9tica do NIST e\u2026","description":"A Automa\u00e7\u00e3o e Orquestra\u00e7\u00e3o de Seguran\u00e7a (SAO) facilita o cumprimento de tr\u00eas fun\u00e7\u00f5es essenciais da Estrutura de Seguran\u00e7a Cibern\u00e9tica do NIST: detectar, responder e\u2026","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/pt\/blogue\/resposta-a-incidentes-do-nist\/","og_locale":"pt_PT","og_type":"article","og_title":"Improving incident response with the NIST Cybersecurity Framework and security automation and orchestration (SAO)","og_description":"Security Automation and Orchestration (SAO) makes it easy to comply with three core functions of the NIST Cybersecurity Framework: detect, respond and\u2026","og_url":"https:\/\/swimlane.com\/pt\/blogue\/resposta-a-incidentes-do-nist\/","og_site_name":"AI Security Automation","article_modified_time":"2026-03-31T10:24:13+00:00","og_image":[{"width":1024,"height":636,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework-1024x636.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"Tempo estimado de leitura":"7 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/","url":"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/","name":"Aprimorando a resposta a incidentes com a estrutura de seguran\u00e7a cibern\u00e9tica do NIST 
e\u2026","isPartOf":{"@id":"https:\/\/swimlane.com\/pt\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework.png","datePublished":"2018-01-31T14:50:00+00:00","dateModified":"2026-03-31T10:24:13+00:00","description":"A Automa\u00e7\u00e3o e Orquestra\u00e7\u00e3o de Seguran\u00e7a (SAO) facilita o cumprimento de tr\u00eas fun\u00e7\u00f5es essenciais da Estrutura de Seguran\u00e7a Cibern\u00e9tica do NIST: detectar, responder e\u2026","breadcrumb":{"@id":"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/#breadcrumb"},"inLanguage":"pt-PT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/"]}]},{"@type":"ImageObject","inLanguage":"pt-PT","@id":"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/01.31.18-Cybersecurity-Framework.png","width":1120,"height":696,"caption":"Diagram of a padlock and chain over a world map with binary code background."},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/pt\/blog\/nist-incident-response\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"Improving incident response with the NIST Cybersecurity Framework and security automation and orchestration (SAO)"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/pt\/#website","url":"https:\/\/swimlane.com\/pt\/","name":"Automa\u00e7\u00e3o de seguran\u00e7a de baixo c\u00f3digo e plataforma SOAR | Swimlane","description":"Automa\u00e7\u00e3o de IA ag\u00eantica para todas as fun\u00e7\u00f5es de 
seguran\u00e7a","publisher":{"@id":"https:\/\/swimlane.com\/pt\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/pt\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-PT"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/pt\/#organization","name":"Automa\u00e7\u00e3o de seguran\u00e7a de baixo c\u00f3digo e plataforma SOAR | Swimlane","url":"https:\/\/swimlane.com\/pt\/","logo":{"@type":"ImageObject","inLanguage":"pt-PT","@id":"https:\/\/swimlane.com\/pt\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/pt\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/sw_resource\/9813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":1,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/sw_resource\/9813\/revisions"}],"predecessor-version":[{"id":55425,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/sw_resource\/9813\/revisions\/55425"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/media\/9814"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/media?parent=981
3"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/tags?post=9813"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/resource-type?post=9813"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/resource-topic?post=9813"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/resource-industry?post=9813"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/blog-category?post=9813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}