I recently wrote about adding a personal touch in SOAR:
https://www.socops.rocks/index.php/2019/04/29/adding-a-personal-touch/
One point included an end user who wants to break out of automation and talk direct to a human with a “click here” button, so they don’t feel ignored/shunned.
I noticed recently this is how a lift works. Lots of buttons to trigger certain functions, but also an alarm button to press when something goes wrong… responsible automation.
My own SOAR demo is guilty of not doing this, it intelligently and informatively acknowledges the request and thanks the user, but until my playbook has reached a conclusion the end user is just a stressed and panicking passive bystander.
Here is my new version, you can see the original acknowledgement email which now gives your staff the ability to ‘break out’.
And here is the logic I wanted: increase the severity, assign it to a team member and start the response SLA counter
Results:
- Responsible automation
- Automation that still runs in parallel by default
- A way to track and SLA time things where things go wrong
- And ultimately, users that don’t feel neglected
Andy