Modern organizations increasingly integrate public cloud platforms such as AWS, Azure, and Google Cloud Platform into their infrastructure to enhance flexibility and scalability. However, multi-cloud environments introduce new cybersecurity challenges. Human factors and careless handling of access parameters to cloud resources can create serious threats. In particular, if an attacker gains access to authorization keys, they can not only control existing resources but also create new ones for malicious purposes, such as launching attacks, distributing malware, or mining cryptocurrencies. Such incidents can rapidly cause financial losses, undermine user trust, and disrupt the stability of critical services.
This study explores the use of Splunk SOAR (Security Orchestration, Automation, and Response) as a tool for automated detection, analysis, and response to threats in public cloud environments. The primary focus is on integrating Splunk SOAR with cloud providers’ APIs to dynamically block compromised resources and to implement detailed response playbooks that isolate threats at the level of individual components (virtual machines, network policies, user accounts).
The paper also analyzes the integration of Splunk anomaly detection with Palo Alto Prisma as a comprehensive deviation scanner, the use of HashiCorp Vault for credential protection, the introduction of a quarantine mode for isolating compromised resources, and the improvement of incident response processes.
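The per-component quarantine mode and the API-driven response playbooks described above, as an added example that is not the paper's own code: the decision logic (severity threshold, de-duplication, component type) is separated from the cloud calls so it can be exercised offline with a recording stand-in; the names Finding, RecordingCloud, Boto3Cloud and QUARANTINE_SG are assumptions, while the boto3 method names are real.

```python
# Added example (not from the paper): minimal quarantine playbook logic.
# Finding, RecordingCloud, Boto3Cloud, QUARANTINE_SG are assumed names;
# the boto3 calls in Boto3Cloud are real API methods but are not run here.
from dataclasses import dataclass, field

QUARANTINE_SG = "sg-quarantine-placeholder"  # placeholder id of a deny-all security group

@dataclass
class Finding:
    kind: str            # "instance" or "access_key" (component type)
    resource_id: str     # instance id or access key id
    user: str = ""       # IAM user owning an access key
    severity: str = "high"

@dataclass
class RecordingCloud:
    """Offline stand-in for a cloud client: records actions instead of calling APIs."""
    actions: list = field(default_factory=list)
    def isolate_instance(self, instance_id, sg_id):
        self.actions.append(("isolate", instance_id, sg_id))
    def disable_access_key(self, user, key_id):
        self.actions.append(("disable_key", user, key_id))

class Boto3Cloud:
    """Same interface backed by boto3 (assumed usage; needs AWS credentials)."""
    def __init__(self):
        import boto3  # imported lazily so the offline path has no dependency
        self.ec2, self.iam = boto3.client("ec2"), boto3.client("iam")
    def isolate_instance(self, instance_id, sg_id):
        # Replacing all security groups leaves the VM with only the quarantine rules.
        self.ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[sg_id])
    def disable_access_key(self, user, key_id):
        self.iam.update_access_key(UserName=user, AccessKeyId=key_id, Status="Inactive")

def quarantine(findings, cloud, min_severity="high"):
    """Isolate each flagged component once; returns (acted_on, skipped) resource ids."""
    rank = {"low": 0, "medium": 1, "high": 2, "critical": 3}
    acted, skipped, seen = [], [], set()
    for f in findings:
        if rank.get(f.severity, 0) < rank[min_severity] or f.resource_id in seen:
            skipped.append(f.resource_id); continue  # below threshold or duplicate
        seen.add(f.resource_id)
        if f.kind == "instance":
            cloud.isolate_instance(f.resource_id, QUARANTINE_SG)
        elif f.kind == "access_key":
            cloud.disable_access_key(f.user, f.resource_id)
        else:
            skipped.append(f.resource_id); continue  # unknown component type
        acted.append(f.resource_id)
    return acted, skipped
```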
The results demonstrate that automating security processes with Splunk SOAR significantly reduces response time, minimizes the impact of the human factor, and lowers the risk of cloud infrastructure compromise. The proposed approach strengthens an organization’s resilience to threats in a multi-cloud environment, ensuring an optimal balance between security, availability, and operational efficiency.