SOC automation is when a security operations center automates aspects of their cybersecurity defense such as detection, investigation, and response. One of the more common types of SOC automation is via SOAR (security orchestration automation and response).

The goal of SOC automation is to augment the SOC team to speed up the time from detection to remediation. Most SOCs face a lack of manpower which makes it overwhelming, if not impossible, to handle the number of alerts the SOC sees each day. By automating aspects of the SOC, the SOC team can focus on complex threats and not waste time on benign alerts or known threats. Known threats can be quickly resolved by automating the response process.