There’s a tremendous amount of confusion in the market today about the definitions and meaning of the terms automation and orchestration. Within IR Flow, automation refers to the ability to define and execute routine alert or incident-related tasks using technology rather than through separate manual actions. Orchestration within IR Flow refers to leveraging programmable, third-party APIs to take a proposed incident action, such as gathering information for enrichment, performing direct containment or establishing a ticket for remediation.
Workflow is another term often conflated with automation and/or orchestration. Within IR Flow, workflows are defined as a series of desired steps, contextually organized and presented to the user for consistent execution of specific alert and incident processes. Workflows can include steps that are automated as well as steps that orchestrate actions in related third-party systems for enrichment, containment and/or remediation.
IR Flow is built on the premise that you can’t “automate away your pain.” While the ability to script and execute steps within IR Flow and third-party systems is supported, some level of human intervention is essential to enable effective Alert Triage and Incident Handling. IR Flow enables the configuration of either manual or automatic workflows for each unique alert or incident type.
IR Flow has an extensive library of pre-built integrations for security systems, ticket systems and IT systems. IR Flow’s Cyber Translation Framework combines data model extensibility with API customizations to connect with virtually any system capable of supporting APIs. If there isn’t a pre-built IR Flow integration to a particular system, it’s most likely because no customer has asked for it yet.