Security Orchestration, Automation, and Response - tools that automate security operations and incident response. Like having a security robot that can investigate and respond to threats automatically.
When SIEM detects a potential breach, SOAR automatically isolates the affected system, collects forensic data, and notifies the security team.
SOAR is a capability rather than a single universal cloud service. Microsoft Sentinel includes SOAR-style playbooks (Logic Apps). Google Security Operations offers a dedicated SOAR product. AWS and OCI don’t have a single first-party service branded strictly as “SOAR”; SOAR is typically delivered via partner tools integrated with their SIEM/logging and automation services.