Security Orchestration and Automation (SOAR) in Cybersecurity - Mini Project: Build & Apply

Security Orchestration and Automation (SOAR) Basics
📖 Scenario: You work in a cybersecurity team that wants to improve how it handles security alerts. Currently, the team manually investigates each alert, which takes a lot of time. Your goal is to create a simple plan that shows how automation and orchestration can help the team respond faster and more efficiently.
🎯 Goal: Build a step-by-step plan that lists security alerts, sets a priority level, applies automated actions to high-priority alerts, and completes the orchestration process by defining the final response step.
📋 What You'll Learn
Create a list of security alerts with exact names
Add a priority level variable for alerts
Use a loop to automate actions on high-priority alerts
Define the final step to complete the orchestration
💡 Why This Matters
🌍 Real World
Security teams use SOAR to quickly respond to threats by automating repetitive tasks and coordinating multiple security tools.
💼 Career
Understanding SOAR basics helps cybersecurity professionals improve incident response efficiency and reduce manual workload.
Step 1: Create the list of security alerts
Create a list called alerts with these exact alert names: 'Phishing Email', 'Malware Detected', 'Unauthorized Access', 'Data Leak'.
Hint: Use square brackets to create a list and include all alert names as strings separated by commas.

Step 2: Set the priority level for alerts
Create a variable called priority_level and set it to the string 'High' to represent the alerts that need urgent attention.
Hint: Assign the string 'High' to the variable priority_level.

Step 3: Automate actions on high-priority alerts
Use a for loop with the variable alert to go through each item in the alerts list. Inside the loop, write an if statement that checks if priority_level is 'High'. If true, create a variable called action and set it to the string 'Isolate affected system'.
Hint: Use a for loop to check each alert and an if statement to apply the action only when priority is 'High'.

Step 4: Complete the orchestration process
After the loop, create a variable called orchestration_status and set it to the string 'Completed' to show that the automation process is finished.
Hint: Assign the string 'Completed' to the variable orchestration_status after the loop.
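
The four steps above as a runnable playbook, generalised so that each alert carries its own priority instead of sharing one priority_level value. This is an added example, not part of the original exercise; the per-alert priorities, the 'Queue for manual review' and 'Escalate to analyst' actions, and the 'Needs review' status are assumptions made for illustration.

```python
# Added example: steps 1-4 as one playbook, extended with per-alert priorities.
alerts = ['Phishing Email', 'Malware Detected', 'Unauthorized Access', 'Data Leak']
priority_level = 'High'  # priority that triggers the automated action

# Constructed triage data (assumption): in a real SOAR platform this comes
# from enrichment and scoring, not from a hard-coded table.
ALERT_PRIORITY = {
    'Phishing Email': 'Medium',
    'Malware Detected': 'High',
    'Unauthorized Access': 'High',
    'Data Leak': 'Low',
}


def run_playbook(alerts, priorities, threshold='High'):
    """Return (actions, orchestration_status) for a batch of alerts."""
    actions = {}
    unclassified = []
    for alert in alerts:
        level = priorities.get(alert)
        if level is None:
            # Fail safe: an alert with no known priority goes to a human
            # rather than being silently skipped or auto-contained.
            unclassified.append(alert)
            action = 'Escalate to analyst'
        elif level == threshold:
            action = 'Isolate affected system'
        else:
            action = 'Queue for manual review'
        actions[alert] = action
    # Report 'Completed' only when every alert was handled by the playbook.
    status = 'Needs review' if unclassified else 'Completed'
    return actions, status


if __name__ == '__main__':
    actions, orchestration_status = run_playbook(alerts, ALERT_PRIORITY, priority_level)
    for alert, action in actions.items():
        print(f'{alert}: {action}')
    print('orchestration_status =', orchestration_status)
```

Keeping the priority per alert means the containment action fires only for the alerts that warrant it, and the status cannot read 'Completed' while an alert is still unclassified.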