Abstract:
The escalating sophistication and ubiquity of command and control (C2) attacks present
formidable challenges to organisations in terms of their ability to detect and respond to these
threats effectively. Security operations centres (SOCs) grapple with resource limitations,
skills shortages, and the need for seamless coordination among disparate systems. In this
context, the emergence of security orchestration, automation, and response (SOAR) offers a
promising solution. By automating mundane tasks, providing advanced intelligence and
reporting capabilities, and streamlining workflows through playbooks, SOAR frees
cybersecurity professionals to apply their expertise in more strategic and impactful ways.
In this work, a comprehensive solution is proposed to address the challenges posed by
command and control attacks. Harnessing the capabilities of SOAR technologies, the solution
strives to boost threat identification and enhance incident response proficiency. By integrating
the capabilities of Shuffle with Wazuh, the solution offers an integrated and intelligent
approach to detect and mitigate command and control attacks effectively. Through the
orchestration of security tools, automation of repetitive tasks, and streamlined response
workflows, the solution empowers security teams to combat sophisticated attacks with speed
and efficiency. The effectiveness of the solution was evaluated through rigorous testing
and analysis, demonstrating its ability to provide advanced protection against command and
control threats while optimising operational efficiency in SOCs. As a result of the
experimental study conducted on the detection capabilities of Wazuh and the response
automation provided by Shuffle, it was observed that the integration of these two
technologies yielded positive outcomes. Wazuh demonstrated its effectiveness in detecting
command and control (C2) attacks, while Shuffle showcased its ability to automate incident
response actions.
Keywords: SOAR, SOC, automation, workflows.
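As an added illustration of the playbook idea the abstract describes (detection alert in, automated response actions out), the following Python script is not code from the paper, from Wazuh or from Shuffle. It triages alerts whose layout is modelled on Wazuh's `alerts.json` (`rule.level`, `rule.mitre.tactic`, `rule.mitre.id`, `agent`, `data.srcip`), but the sample alerts themselves are constructed, the severity thresholds are assumptions, and the action names (`block_ip`, `isolate_host`, `open_ticket`) are hypothetical placeholders for whatever app actions a SOAR workflow would actually call. The playbook also shows one practical caveat: containment actions are de-duplicated per (agent, source IP) so that a burst of repeated alerts does not re-isolate the same host.

```python
"""Response-playbook logic for C2 alerts (added example, not the paper's code).

Alert layout is modelled on Wazuh's alerts.json; sample data is constructed and
action names are hypothetical SOAR app actions.
"""
import json
from dataclasses import dataclass

# ATT&CK tactic name and a few C2 technique ids (T1071 Application Layer
# Protocol, T1105 Ingress Tool Transfer, T1573 Encrypted Channel).
C2_TACTIC_NAME = "Command and Control"
C2_TECHNIQUES = {"T1071", "T1105", "T1573"}

# Constructed sample alerts (documentation IP ranges, made-up rule ids/agents).
SAMPLE_ALERTS = [
    json.dumps({"rule": {"id": "900001", "level": 12,
                         "description": "Beaconing to known C2 domain",
                         "mitre": {"tactic": ["Command and Control"], "id": ["T1071.001"]}},
                "agent": {"id": "001", "name": "web-01"},
                "data": {"srcip": "203.0.113.10"}}),
    # Same host, same IP, repeated a minute later: should not re-isolate.
    json.dumps({"rule": {"id": "900001", "level": 12,
                         "description": "Beaconing to known C2 domain",
                         "mitre": {"tactic": ["Command and Control"], "id": ["T1071.001"]}},
                "agent": {"id": "001", "name": "web-01"},
                "data": {"srcip": "203.0.113.10"}}),
    json.dumps({"rule": {"id": "900002", "level": 8,
                         "description": "Tool download over HTTP from rare host",
                         "mitre": {"tactic": ["Command and Control"], "id": ["T1105"]}},
                "agent": {"id": "002", "name": "db-01"},
                "data": {"srcip": "198.51.100.7"}}),
    # Not a C2 alert: outside this playbook's scope, no actions.
    json.dumps({"rule": {"id": "900003", "level": 10,
                         "description": "New scheduled task created",
                         "mitre": {"tactic": ["Persistence"], "id": ["T1053"]}},
                "agent": {"id": "003", "name": "app-01"},
                "data": {}}),
]


@dataclass(frozen=True)
class Action:
    kind: str    # hypothetical SOAR app action name
    target: str  # IP address or host the action applies to
    reason: str  # human-readable justification for the analyst


def is_c2_alert(alert: dict) -> bool:
    """True when the rule is tagged with the C2 tactic or a known C2 technique."""
    mitre = alert.get("rule", {}).get("mitre", {})
    tactics = mitre.get("tactic", [])
    # Strip sub-technique suffixes (T1071.001 -> T1071) before comparing.
    techniques = {t.split(".")[0] for t in mitre.get("id", [])}
    return C2_TACTIC_NAME in tactics or bool(techniques & C2_TECHNIQUES)


def severity(alert: dict) -> str:
    """Map the numeric rule level (0-15 scale) to a coarse severity (assumed thresholds)."""
    level = int(alert.get("rule", {}).get("level", 0))
    if level >= 12:
        return "high"
    if level >= 7:
        return "medium"
    return "low"


def plan_response(alert: dict, contained: set) -> list:
    """Decide the actions for one alert; `contained` tracks (agent, ip) already handled."""
    if not is_c2_alert(alert):
        return []
    rule = alert.get("rule", {})
    agent = alert.get("agent", {})
    src_ip = alert.get("data", {}).get("srcip")
    host = agent.get("name", "unknown")
    sev = severity(alert)
    key = (agent.get("id"), src_ip)
    actions = []
    if key not in contained:
        if sev in ("high", "medium") and src_ip:
            actions.append(Action("block_ip", src_ip, f"{sev}: {rule.get('description')}"))
        if sev == "high":
            actions.append(Action("isolate_host", host, f"{sev}: {rule.get('description')}"))
        if actions:
            contained.add(key)
    # A ticket is always opened so an analyst reviews every C2 alert, even low ones.
    actions.append(Action("open_ticket", host, f"{sev}: {rule.get('description')}"))
    return actions


def run_playbook(raw_alerts: list) -> list:
    """Run the playbook over raw JSON alert lines and return the ordered action list."""
    contained: set = set()
    planned = []
    for raw in raw_alerts:
        planned.extend(plan_response(json.loads(raw), contained))
    return planned


if __name__ == "__main__":
    for action in run_playbook(SAMPLE_ALERTS):
        print(action)
```

The split between `plan_response` (pure decision logic) and the hypothetical action executors is deliberate: keeping the decision step side-effect free makes the playbook testable offline and lets the same logic be reviewed before any real containment integration is wired in.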