Is there an API abstraction for the integrations in a SOC?
We are writing custom automation for common activities throughout our Security Operations Center, e.g. when the SIEM raises an alert, enrich it with whether the IP address is malicious. When we close an incident in our ticketing system (ServiceNow) cl…