Incident Responders: Can you give some examples of Incidents / types of incidents that are suitable for fully or partly automated response?

You set up security monitoring – either a full commercial SIEM/SOC or something home-cooked (e.g., rsyslog -> OSSIM / MozDef / Splunk / …).
You also set up some rules so that some event triage is done – and you only get alerts for potential Incidents.

I’d like to know what automation is being done beyond this point. Not just more alerting / sending emails or reports – but something that attempts to resolve the incident itself.

Some use cases and some examples of automation solutions (whether standard or DIY) would be helpful.

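One way to frame "fully or partly automated" in code is a decision layer that sits after triage and sorts each alert into an automation tier. The block below is an added example, not part of the question or of any product mentioned in it; the rules, thresholds, networks, account names and alerts are all constructed, and the firewall/EDR/IdP calls are stood in for by returned action strings.

```python
"""Added example: a decision layer for automated incident response.

Each triaged alert is mapped to an action plus an eligibility tier:
FULL (act without a human), PARTIAL (stage the action, wait for approval)
or MANUAL (page an analyst). Hypothetical playbook; the perimeter, EDR and
identity-provider calls are represented by returned action records.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy inputs (assumptions, not from the original post).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
PROTECTED_ACCOUNTS = {"svc-backup", "admin"}   # never auto-disabled
BLOCK_THRESHOLD = 50                            # failed logins before auto-block


@dataclass
class Alert:
    rule: str            # name of the triage rule that fired
    src_ip: str = ""
    user: str = ""
    host: str = ""
    count: int = 0
    hash_known_bad: bool = False   # file hash matched threat intel


def decide(alert: Alert) -> tuple[str, str]:
    """Return (tier, action) for one triaged alert."""
    if alert.rule == "ssh_bruteforce":
        ip = ip_address(alert.src_ip)
        if any(ip in net for net in INTERNAL_NETS):
            # Blocking internal ranges can cause an outage; hand to a human.
            return "MANUAL", f"internal source {ip}: investigate, do not block"
        if alert.count >= BLOCK_THRESHOLD:
            return "FULL", f"block {ip} at perimeter for 24h"
        return "PARTIAL", f"stage block for {ip}, await approval"
    if alert.rule == "malware_detected":
        if alert.hash_known_bad:
            return "FULL", f"isolate host {alert.host} via EDR, snapshot memory"
        return "PARTIAL", f"quarantine file on {alert.host}, await analyst"
    if alert.rule == "impossible_travel":
        if alert.user in PROTECTED_ACCOUNTS:
            return "MANUAL", f"protected account {alert.user}: page on-call"
        return "FULL", f"revoke sessions and force MFA re-enrol for {alert.user}"
    return "MANUAL", f"no playbook for rule {alert.rule}"


def run(alerts: list[Alert]) -> list[tuple[str, str, str]]:
    """Apply the playbook to every alert; returns (rule, tier, action)."""
    return [(a.rule,) + decide(a) for a in alerts]
```

The useful property is that every FULL branch is reversible or bounded (timed block, host isolation, session revocation), while anything with outage or lock-out potential stays PARTIAL or MANUAL.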