SOAR (Security Orchestration, Automation and Response) is a solution stack that allow an organization to collect data about security threats, and respond to low-level security events without human assistance. Data about these threats can be collected from multiple sources. The goal of using a SOAR stack is to improve the efficiency of physical and digital security operations.
While both security information and event management (SIEM) and SOAR aggregate relevant data from multiple sources. Many companies use SOAR services to augment in-house SIEM software. The core capabilities of SOAR platforms are: