Suárez bite it, Let's Automate SOC to Fight It!

Thursday 23 July 13:00 – 14:00 Accelerator
In an era where Mauritian enterprises face a rising tide of sophisticated cyber threats, traditional manual Security Operations Center (SOC) processes are no longer sustainable. This session demonstrates how to leverage n8n, a fair-code workflow automation tool, to orchestrate a modern, responsive SOC that bridges the gap between disparate security tools.

Attendees will discover how to transform raw security alerts into actionable intelligence by building automated workflows for alert normalization, threat enrichment, and rapid incident containment. By the end of the session, you will understand how to implement a self-hosted, privacy-centric automation layer that reduces Tier 1 analyst burnout and slashes Mean Time to Respond (MTTR) within the specific regulatory and infrastructure constraints of the Mauritian landscape.

Open source tools will include:
- n8n (workflow automation and orchestration)
- SIEM (log ingestion, correlation, detection)
- Slack (SOC notifications)
- VirusTotal (file/URL analysis)
- AbuseIPDB (IP reputation)
- GenAI (reasoning)
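The three workflow stages the abstract names (normalize, enrich, contain/notify) can be sketched outside n8n to see what each node has to do with the data. The script below is an added example written for this listing, not the speaker's JSON template or any project's code. It assumes two constructed alert formats (a Wazuh-like event with invented field names and a generic IDS event), stubs the AbuseIPDB and VirusTotal responses with constructed lookup tables instead of calling the APIs, and returns the Slack payload as a dict rather than posting it; in an n8n workflow those stubs would be HTTP Request nodes and the final dict a Slack node.

```python
"""Alert normalization, enrichment and triage pipeline (added example).

Models the stages an n8n SOC workflow chains together:
  1. normalize - map alerts from different sources onto one schema
  2. enrich    - add IP / file reputation (stubbed lookups here)
  3. triage    - score, decide containment actions, build a Slack payload
"""
import ipaddress
import json

# Constructed raw alerts in two different source formats (field names invented).
RAW_ALERTS = [
    {   # Wazuh-style event
        "agent": {"name": "web-01"},
        "rule": {"id": "100200", "level": 12, "description": "Suspicious binary dropped"},
        "data": {"srcip": "203.0.113.45", "sha256": "a" * 64},
    },
    {   # Generic IDS-style event from an internal sensor
        "sensor": "ids-edge",
        "severity": "low",
        "signature": "Port scan",
        "src_ip": "10.0.0.7",
    },
]

# Constructed stand-ins for AbuseIPDB (abuseConfidenceScore, 0-100) and
# VirusTotal (number of engines flagging the hash as malicious).
ABUSEIPDB_STUB = {"203.0.113.45": 92}
VIRUSTOTAL_STUB = {"a" * 64: 41}

# Ranges the SOC treats as internal; these are never sent to external reputation services.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def normalize(raw):
    """Map a source-specific alert onto the common schema."""
    if "agent" in raw:  # Wazuh-style: rule level 0-15 collapsed to three bands
        level = raw["rule"]["level"]
        severity = "high" if level >= 10 else "medium" if level >= 5 else "low"
        return {"source": raw["agent"]["name"], "rule": raw["rule"]["description"],
                "severity": severity, "src_ip": raw["data"].get("srcip"),
                "sha256": raw["data"].get("sha256")}
    return {"source": raw["sensor"], "rule": raw["signature"],
            "severity": raw["severity"], "src_ip": raw.get("src_ip"), "sha256": None}


def is_internal_ip(ip):
    """Unparsable or missing addresses are treated as internal so they are not leaked to lookups."""
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):
        return True
    return any(addr in net for net in INTERNAL_NETS)


def enrich(alert, ip_rep=ABUSEIPDB_STUB, file_rep=VIRUSTOTAL_STUB):
    """Attach reputation data; only public IPs and present hashes are looked up."""
    enriched = dict(alert)
    enriched["ip_abuse_score"] = (None if is_internal_ip(alert["src_ip"])
                                  else ip_rep.get(alert["src_ip"]))
    enriched["vt_malicious"] = file_rep.get(alert["sha256"]) if alert["sha256"] else None
    return enriched


def triage(alert):
    """Score the enriched alert and derive a verdict plus containment actions."""
    score = {"low": 1, "medium": 2, "high": 3}[alert["severity"]]
    if (alert["ip_abuse_score"] or 0) >= 80:
        score += 2
    if (alert["vt_malicious"] or 0) >= 5:
        score += 2
    verdict = "malicious" if score >= 5 else "suspicious" if score >= 3 else "benign"
    actions = []
    if verdict == "malicious":
        if alert["ip_abuse_score"] is not None:
            actions.append(f"block_ip:{alert['src_ip']}")
        if alert["vt_malicious"]:
            actions.append(f"isolate_host:{alert['source']}")
    return {**alert, "score": score, "verdict": verdict, "actions": actions}


def slack_payload(result):
    """Build the message body a Slack node would post for one triaged alert."""
    text = (f"[{result['verdict'].upper()}] {result['rule']} from {result['src_ip']} "
            f"on {result['source']} (score {result['score']})")
    if result["actions"]:
        text += " | actions: " + ", ".join(result["actions"])
    return {"text": text}


def run_pipeline(raw_alerts):
    """normalize -> enrich -> triage for every raw alert."""
    return [triage(enrich(normalize(raw))) for raw in raw_alerts]


if __name__ == "__main__":
    for result in run_pipeline(RAW_ALERTS):
        print(json.dumps(slack_payload(result)))
```

The internal-range check is the privacy-centric piece the abstract mentions: an enrichment node should never forward RFC 1918 addresses or empty hashes to a third-party API, so the gate belongs before the HTTP Request node, not after it.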

I'll share a JSON template of the n8n workflow as a practical 'takeaway' that attendees can take back to their organizations.

Reference:
- https://www.youtube.com/watch?v=Xh9AP-x06jU
- https://kuraido.medium.com/soc-automation-2-0-20da7d4d1fe1
- https://medium.com/@bappesarker2010/soc-automation-forwazuh-siem-integration-with-n8n-virustotal-gmail-03f3ee7ef684
