---
type: "term"
title: "SOAR (Security Orchestration, Automation, and Response)"
description: "A category of security tools that enable automated incident response through predefined playbooks."
resource: "tlctc:term:soar-security-orchestration-automation-and-response"
tags:
  - "glossary"
---
# SOAR (Security Orchestration, Automation, and Response)

A category of security tools that enable automated incident response through predefined playbooks. In the TLCTC velocity model, SOAR is critical for the **Fast Velocity Class** (minutes), where automated containment is necessary because human analysts cannot respond quickly enough. SOAR playbooks can be structured around TLCTC attack paths so that each detected cluster sequence triggers the response actions specific to it.

See also: Fast Velocity Class, EDR, SIEM
